Abdelaziz Alshaikh Qasem, Mahmoud H. Qutqut, Fatima Alhaj, Asem Kitana
Peer-To-Peer Networking and Applications (journal article), published 2024-08-22. DOI: https://doi.org/10.1007/s12083-024-01763-2
SRFE: A stepwise recursive feature elimination approach for network intrusion detection systems
Network intrusion detection systems (NIDSs) have evolved into a significant subject in cybersecurity research, mainly due to the growth of cyberattacks and intelligence, which also led to the usage of machine learning (ML) to advance and enhance NIDSs. A NIDS is the first line of defense in any environment, and it detects external and internal attacks. Recently, intrusion mechanisms have become more sophisticated and challenging to detect. Researchers have applied techniques such as ML to detect intruders and secure networks. This paper proposes a novel approach called SRFE (Stepwise Recursive Feature Elimination) to improve the performance and efficiency of predictive models for NIDSs. Our approach depends primarily on recursive feature elimination, which operates on a simple yet effective principle. We experimented with four classification algorithms, namely Support Vector Machine (SVM), Naive Bayes (NB), J48, and Random Forest (RF), on the most widely used dataset in the cybersecurity domain (NSL-KDD). The approach is mainly built on the features’ significance ranking using the Information Gain (IG) method. We conduct multiple experiments according to three scenarios. Each scenario contains various rounds, and in each round, we train the classifiers to eliminate the three lowest-ranked features stepwise. Our experiments show that the RF and J48 classifiers outperform other binary classifiers with an accuracy of 99.80% and 99.66%, respectively. Furthermore, both classifiers obtained the best results in the multiclass classification task; J48 achieved an accuracy of 99.53% in round number seven, and the RF achieved 99.69% in the fifth round.
About the journal:
The aim of the Peer-to-Peer Networking and Applications journal is to disseminate state-of-the-art research and development results in this rapidly growing research area, to facilitate the deployment of P2P networking and applications, and to bring together the academic and industry communities, with the goal of fostering interaction to promote further research interests and activities, thus enabling new P2P applications and services. The journal not only addresses research topics related to networking and communications theory, but also considers the standardization, economic, and engineering aspects of P2P technologies, and their impacts on software engineering, computer engineering, networked communication, and security.
The journal serves as a forum for tackling the technical problems arising from both file sharing and media streaming applications. It also includes state-of-the-art technologies in the P2P security domain.
Peer-to-Peer Networking and Applications publishes regular papers, tutorials and review papers, case studies, and correspondence from the research, development, and standardization communities. Papers addressing system, application, and service issues are encouraged.