SRFE: A stepwise recursive feature elimination approach for network intrusion detection systems

IF 3.3 4区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Peer-To-Peer Networking and Applications Pub Date : 2024-08-22 DOI:10.1007/s12083-024-01763-2
Abdelaziz Alshaikh Qasem, Mahmoud H. Qutqut, Fatima Alhaj, Asem Kitana
{"title":"SRFE: A stepwise recursive feature elimination approach for network intrusion detection systems","authors":"Abdelaziz Alshaikh Qasem, Mahmoud H. Qutqut, Fatima Alhaj, Asem Kitana","doi":"10.1007/s12083-024-01763-2","DOIUrl":null,"url":null,"abstract":"<p>Network intrusion detection systems (NIDSs) have evolved into a significant subject in cybersecurity research, mainly due to the growth of cyberattacks and intelligence, which also led to the usage of machine learning (ML) to advance and enhance NIDSs. A NIDS is the first line of defense in any environment, and it detects external and internal attacks. Recently, intrusion mechanisms have become more sophisticated and challenging to detect. Researchers have applied techniques such as ML to detect intruders and secure networks. This paper proposes a novel approach called SRFE (Stepwise Recursive Feature Elimination) to improve the performance and efficiency of predictive models for NIDSs. Our approach depends primarily on recursive feature elimination, which operates on a simple yet effective principle. We experimented with four classification algorithms, namely Support Vector Machine (SVM), Naive Bayes (NB), J48, and Random Forest (RF), on the most widely used dataset in the cybersecurity domain (NSL-KDD). The approach is mainly built on the features’ significance ranking using the Information Gain (IG) method. We conduct multiple experiments according to three scenarios. Each scenario contains various rounds, and in each round, we train the classifiers to eliminate the three lowest-ranked features stepwise. Our experiments show that the RF and J48 classifiers outperform other binary classifiers with an accuracy of 99.80% and 99.66%, respectively. Furthermore, both classifiers obtained the best results in the multiclass classification task; J48 achieved an accuracy of 99.53% in round number seven, and the RF achieved 99.69% in the fifth round.</p>","PeriodicalId":49313,"journal":{"name":"Peer-To-Peer Networking and Applications","volume":"22 1","pages":""},"PeriodicalIF":3.3000,"publicationDate":"2024-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Peer-To-Peer Networking and Applications","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s12083-024-01763-2","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Network intrusion detection systems (NIDSs) have evolved into a significant subject in cybersecurity research, mainly due to the growth of cyberattacks and intelligence, which also led to the usage of machine learning (ML) to advance and enhance NIDSs. A NIDS is the first line of defense in any environment, and it detects external and internal attacks. Recently, intrusion mechanisms have become more sophisticated and challenging to detect. Researchers have applied techniques such as ML to detect intruders and secure networks. This paper proposes a novel approach called SRFE (Stepwise Recursive Feature Elimination) to improve the performance and efficiency of predictive models for NIDSs. Our approach depends primarily on recursive feature elimination, which operates on a simple yet effective principle. We experimented with four classification algorithms, namely Support Vector Machine (SVM), Naive Bayes (NB), J48, and Random Forest (RF), on the most widely used dataset in the cybersecurity domain (NSL-KDD). The approach is mainly built on the features’ significance ranking using the Information Gain (IG) method. We conduct multiple experiments according to three scenarios. Each scenario contains various rounds, and in each round, we train the classifiers to eliminate the three lowest-ranked features stepwise. Our experiments show that the RF and J48 classifiers outperform other binary classifiers with an accuracy of 99.80% and 99.66%, respectively. Furthermore, both classifiers obtained the best results in the multiclass classification task; J48 achieved an accuracy of 99.53% in round number seven, and the RF achieved 99.69% in the fifth round.

Abstract Image

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
SRFE:网络入侵检测系统的逐步递归特征消除方法
网络入侵检测系统(NIDS)已发展成为网络安全研究的一个重要课题,这主要是由于网络攻击和情报的增长,这也导致了机器学习(ML)的使用,以推进和增强 NIDS。NIDS 是任何环境中的第一道防线,可检测外部和内部攻击。最近,入侵机制变得越来越复杂,检测难度也越来越大。研究人员已经应用了 ML 等技术来检测入侵者并确保网络安全。本文提出了一种名为 SRFE(逐步递归特征消除)的新方法,以提高 NIDS 预测模型的性能和效率。我们的方法主要依赖于递归特征消除,其原理简单而有效。我们在网络安全领域使用最广泛的数据集(NSL-KDD)上试验了四种分类算法,即支持向量机(SVM)、奈夫贝叶斯(NB)、J48 和随机森林(RF)。该方法主要基于使用信息增益(IG)方法进行的特征重要性排序。我们根据三个场景进行了多次实验。每个场景都包含不同的轮次,在每一轮中,我们训练分类器逐步剔除排名最低的三个特征。实验结果表明,RF 和 J48 分类器的准确率分别为 99.80% 和 99.66%,优于其他二元分类器。此外,这两种分类器在多类分类任务中都取得了最佳成绩;J48 在第七轮中取得了 99.53% 的准确率,RF 在第五轮中取得了 99.69% 的准确率。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Peer-To-Peer Networking and Applications
Peer-To-Peer Networking and Applications COMPUTER SCIENCE, INFORMATION SYSTEMS-TELECOMMUNICATIONS
CiteScore
8.00
自引率
7.10%
发文量
145
审稿时长
12 months
期刊介绍: The aim of the Peer-to-Peer Networking and Applications journal is to disseminate state-of-the-art research and development results in this rapidly growing research area, to facilitate the deployment of P2P networking and applications, and to bring together the academic and industry communities, with the goal of fostering interaction to promote further research interests and activities, thus enabling new P2P applications and services. The journal not only addresses research topics related to networking and communications theory, but also considers the standardization, economic, and engineering aspects of P2P technologies, and their impacts on software engineering, computer engineering, networked communication, and security. The journal serves as a forum for tackling the technical problems arising from both file sharing and media streaming applications. It also includes state-of-the-art technologies in the P2P security domain. Peer-to-Peer Networking and Applications publishes regular papers, tutorials and review papers, case studies, and correspondence from the research, development, and standardization communities. Papers addressing system, application, and service issues are encouraged.
期刊最新文献
Are neck pain, disability, and deep neck flexor performance the same for the different types of temporomandibular disorders? Enhancing cloud network security with a trust-based service mechanism using k-anonymity and statistical machine learning approach Towards real-time non-preemptive multicast scheduling in reconfigurable data center networks Homomorphic multi-party computation for Internet of Medical Things BPPKS: A blockchain-based privacy preserving and keyword-searchable scheme for medical data sharing
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1