Abstract
Selecting or reducing features to arrive at the ideal feature set for an intrusion detection system (IDS) is a complex process. Unnecessary features in the dataset add to the feature burden and degrade both system performance and the information transfer rate. In this paper, feature selection is performed using the PART (Projective Adaptive Resonance Theory) model with attribute ranking for effective detection of network attacks, by training and testing on the part of the CICIDS 2017 dataset that covers the DoS/DDoS attack. The system first receives the feature subset of each classifier, depending on the normal weight and the strategy of combining other subsets. The proposed feature selection technique introduces 14 reduced options for identifying DDoS attacks from the CICIDS 2017 dataset. With these selected features, the proposed method comes close to the result obtained with the full set of features in the CICIDS 2017 dataset. Some of the features in the dataset may be redundant or contribute close to nothing to the identification of attacks, and may increase the computational load of the detection process. In this research, such unused features are removed and all the weighted features are included when building an IDS, which shows excellent, computationally efficient performance. A three-step procedure is followed to achieve accuracy: (I) data collection and pre-processing; (II) machine learning model selection and training; and (III) performance model evaluation. We have examined the representation of two parts of the feature selection for performance calculation and accuracy, including Information Gain-Feature Selection, Correlation-Feature Selection and Ref-Feature Selection. When using 48, 28, and 14 feature selection subsets, the respective results were 99.9981%, 99.9873%, and 99.9974%.
The results show that selecting the key features is crucial for designing an IDS that is simple, effective, and feasible. Finally, we provide a hybrid architecture that can incorporate feature selection calculation to achieve more accurate intrusion detection, selecting the most useful features to identify attacks more accurately while reducing the computational load.
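The sketch below is an added illustration, not the authors' FSS-PART method or code: it ranks features by information gain and then drops any feature that is highly correlated with a better-ranked one, the two filter ideas the abstract names. The flow values are constructed, and the median split, the `min_gain` and `max_corr` thresholds and the function names are assumptions; only the column and label names follow the CICIDS 2017 CSV files.

```python
import math
from collections import Counter

# Constructed flow records (values invented); column names follow CICIDS 2017 CSVs.
COLUMNS = ["Flow Bytes/s", "Total Fwd Packets", "Flow Duration", "Fwd PSH Flags"]
ROWS = [
    (120, 3, 900, 0, "BENIGN"), (200, 5, 100, 0, "BENIGN"),
    (150, 4, 850, 0, "BENIGN"), (180, 4, 700, 0, "BENIGN"),
    (9000, 180, 120, 0, "DDoS"), (9500, 190, 90, 0, "DDoS"),
    (8700, 175, 800, 0, "DDoS"), (9900, 200, 110, 0, "DDoS"),
]

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values()) if n else 0.0

def info_gain(values, labels):
    """Information gain of a numeric feature after a binary split at its median."""
    s = sorted(values)
    mid = len(s) // 2
    median = (s[mid - 1] + s[mid]) / 2 if len(s) % 2 == 0 else s[mid]
    high = [l for v, l in zip(values, labels) if v > median]
    low = [l for v, l in zip(values, labels) if v <= median]
    n = len(labels)
    cond = len(high) / n * entropy(high) + len(low) / n * entropy(low)
    return entropy(labels) - cond

def pearson(a, b):
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(va * vb) if va and vb else 0.0  # constant column -> 0

def select_features(columns, rows, min_gain=0.1, max_corr=0.9):
    """Return (kept feature names in rank order, gain per feature)."""
    labels = [r[-1] for r in rows]
    data = {c: [r[i] for r in rows] for i, c in enumerate(columns)}
    gains = {c: info_gain(data[c], labels) for c in columns}
    kept = []
    for c in sorted(columns, key=lambda c: -gains[c]):
        if gains[c] < min_gain:
            continue  # contributes almost nothing to separating the classes
        if any(abs(pearson(data[c], data[k])) > max_corr for k in kept):
            continue  # redundant with a higher-ranked feature already kept
        kept.append(c)
    return kept, gains

if __name__ == "__main__":
    kept, gains = select_features(COLUMNS, ROWS)
    for name in COLUMNS:
        print(f"{name:20s} gain={gains[name]:.4f} kept={name in kept}")
```

On this sample the constant flag column is dropped for zero gain and the packet count is dropped as redundant with the byte rate, which mirrors the abstract's point that repetitive or uninformative features can be removed before training.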
Ethics declarations
Conflict of Interest
On behalf of all authors, the corresponding author states that there is no conflict of interest.
Additional information
This article is part of the topical collection “Research Trends in Communication and Network Technologies” guest edited by Anshul Verma, Pradeepika Verma and Kiran Kumar Pattanaik.
About this article
Cite this article
Shanker, R., Madaan, V. & Agrawal, P. FSS-PART: Feature Grouping Subset Model for Predicting Network Attacks. SN COMPUT. SCI. 5, 94 (2024). https://doi.org/10.1007/s42979-023-02415-7
DOI: https://doi.org/10.1007/s42979-023-02415-7