Skip to main content
SpringerLink
Log in

FSS-PART: Feature Grouping Subset Model for Predicting Network Attacks

  • Original Research
  • Published:
SN Computer Science Aims and scope Submit manuscript

Abstract

To determine the ideal functions for intrusion detection systems (IDS), the selection or reduction of features is a complex process. Unnecessary features in the dataset will increase the burden of features and affect the performance of the system and the information transfer rate. In this paper, feature selection is done using the PART (Projective Adaptive Resonance Theory) model with attribute ranking for effective detection of network attacks by training and testing the CICIDS 2017 dataset responsible for the DoS/DDoS attack. The system first receives the feature subset of each classifier, depending on the normal weight and the strategy of combining other subsets. The proposed feature selection technique introduces 14 reduced options for identifying DDoS attacks from the data set of CICIDS 2017. Compared with these selective features within the CICIDS 2017 dataset, the proposed method shows near attainment of the result with the full features used in the dataset. A portion of the features in the dataset might be repetitive or contribute close to nothing to the identification of attacks and may increase the computational task of the working process. In this research, such unused features are removed and all the weighted features are included when building an IDS, which shows excellent computationally effective performance. A three-step procedure has been considered for the accomplishment of accuracy, which includes (I) data collection and pre-processing, (II) machine learning model selection and training; and (III) performance model evaluation. We have examined the representation of two parts of the feature selection for performance calculation and accuracy, including Information Gain-Feature Selection, Correlation-Feature Selection and Ref-Feature Selection. When using 48, 28, and 14 feature selection subsets, the respective results were 99.9981%, 99.9873%, and 99.9974%. The results show that the selection of key information for features is crucial for planning IDS that is simple, effective, and feasible for intrusion detection systems. Finally, we provide a hybrid architecture that can incorporate feature selection calculation to achieve more accurate intrusion detection by selecting the most desired features to identify more accurate attack results while reducing the computation task.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

References

  1. Ambusaidi MA, He X, Nanda P, Tan Z. Building an intrusion detection system using a filter-based feature selection algorithm. IEEE Trans Comput. 2016;65(10):2986–98.

    Article  MathSciNet  MATH  Google Scholar 

  2. Jyothsna V, Prasad VR. Fcaais: anomaly based network intrusion detection through feature correlation analysis and association impact scale. ICT Express. 2016;2(3):103–16.

    Article  Google Scholar 

  3. Khammassi C, Krichen S. A GALR wrapper approach for feature selection in network intrusion detection. Comput Secur. 2017;70:255–77.

    Article  Google Scholar 

  4. Manzoor I, Kumar N, et al. A feature reduced intrusion detection system using ANN classifier. Expert Syst Appl. 2017;88:249–57.

    Article  Google Scholar 

  5. Divyasree T, Sherly K. A network intrusion detection system based on ensemble CVM using efficient feature selection approach. Proc Comput Sci. 2018;143:442–9.

    Article  Google Scholar 

  6. Selvakumar K, Karuppiah M, SaiRamesh L, Islam SH, Hassan MM, Fortino G, Choo K-KR. Intelligent temporal classification and fuzzy rough set-based feature selection algorithm for intrusion detection system in WSNS. Inf Sci. 2019;497:77–90.

    Article  Google Scholar 

  7. Hemanth D, et al. Distribution diversity method of feature optimization (DDMFO) to defend the intrusion practices on iot networks. 2022

  8. Yulianto A, Sukarno P, Suwastika NA. Improving adaboost-based intrusion detection system (IDS) performance on CICIDS 2017 dataset. J Phys Conf Ser. 2019;1192: 012018. IOP Publishing

  9. Prasad M, Tripathi S, Dahal K. An efficient feature selection based Bayesian and rough set approach for intrusion detection. Appl Soft Comput. 2020;87: 105980.

    Article  Google Scholar 

  10. Hosseini S, Seilani H. Anomaly process detection using negative selection algorithm and classification techniques. Evol Syst. 2021;12(3):769–78.

    Article  Google Scholar 

  11. Alabdul Wahab S, Moon B. Feature selection methods simultaneously improve the detection accuracy and model building time of machine learning classifiers. Symmetry. 2020;12(9):1424.

    Article  Google Scholar 

  12. Buczak AL, Guven E. A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun Surv Tutor. 2015;18(2):1153–76.

    Article  Google Scholar 

  13. Chandola V, Banerjee A, Kumar V. Anomaly detection: a survey. ACM Comput Surv (CSUR). 2009;41(3):1–58.

    Article  Google Scholar 

  14. Kim G, Lee S, Kim S. A novel hybrid intrusion detection method integrating anomaly detection with misuse detection. Expert Syst Appl. 2014;41(4):1690–700.

    Article  MathSciNet  Google Scholar 

  15. Yeung D-Y, Ding Y. Host-based intrusion detection using dynamic and static behavioral models. Pattern Recogn. 2003;36(1):229–43.

    Article  MATH  Google Scholar 

  16. Yeung D-Y, Ding Y. User profiling for intrusion detection using dynamic and static behavioral models. In: Pacific-Asia Conference on Knowledge Discovery and Data Mining, pp. 494–505. Springer. 2002.

  17. Wagner D, Dean R. Intrusion detection via static analysis. In: Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001, pp.156–168. IEEE. 2000.

  18. Sharif M, Singh K, Giffin J, Lee W. Understanding precision in host based intrusion detection. In: International Workshop on Recent Advances in Intrusion Detection, pp. 21–41. Springer. 2007.

  19. Ring M, Wunderlich S, Scheuring D, Landes D, Hotho A. A survey of network-based intrusion detection data sets. Comput Secur. 2019;86:147–67.

    Article  Google Scholar 

  20. Meftah S, Rachidi T, Assem N. Network based intrusion detection using the UNSW-NB15 dataset. Int J Comput Digi Syst. 2019;8(5):478–87.

    Google Scholar 

  21. Carneiro J, Oliveira N, Sousa N, Maia E, Praca I. Machine learning for network-based intrusion detection systems: an analysis of the CIDDS-001 dataset. In: Distributed Computing and Artificial Intelligence, Volume 1:18th International Conference 18, pp. 148–158. Springer. 2022.

  22. Bedi P, Gupta N, Jindal V. I-SIAMIDS: an improved SIAM-IDS for handling class imbalance in network-based intrusion detection systems. Appl Intell. 2021;51(2):1133–51.

    Article  Google Scholar 

  23. Sharafaldin I, Lashkari AH, Ghorbani AA. Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp. 2018;1:108–16.

    Google Scholar 

  24. Thakkar A, Lohiya R. A review of the advancement in intrusion detection datasets. Proc Comput Sci. 2020;167:636–45.

    Article  Google Scholar 

  25. Mahfouz A, Abuhussein A, Venugopal D, Shiva S. Ensemble classifiers for network intrusion detection using a novel network attack dataset. Fut Internet. 2020;12(11):180.

    Article  Google Scholar 

  26. Kshirsagar D, Kumar S. Identifying reduced features based on IG-threshold for dos attack detection using part. In: International Conference on Distributed Computing and Internet Technology, pp. 411–419. Springer. 2020.

  27. Kshirsagar D, Kumar S. An efficient feature reduction method for the detection of dos attack. ICT Express. 2021;7(3):371–5.

    Article  Google Scholar 

  28. Kshirsagar D, Kumar S. A feature reduction based reflected and exploited ddos attacks detection system. J Ambient Intell Humaniz Comput. 2022;13(1):393–405.

    Article  Google Scholar 

  29. Kshirsagar D, Kumar S. Towards an intrusion detection system for detecting web attacks based on an ensemble of filter feature selection techniques. Cyber Phys Syst. 2002;1–16.

  30. Sanchez-Marono N, Alonso-Betanzos A, Tombilla-Sanroman M. Filter methods for feature selection–a comparative study. In: International Conference on Intelligent Data Engineering and Automated Learning, pp.178–187. Springer. 2007.

  31. Al Tobi AM, Duncan I. Improving intrusion detection model prediction by threshold adaptation. Information. 2019;10(5):159.

    Article  Google Scholar 

  32. Almomani O, Almaiah MA, Alsaaidah A, Smadi S, Mohammad AH, Althunibat A. Machine learning classifiers for network intrusion detection system: comparative study. In: 2021 International Conference on Information Technology (ICIT), pp. 440–445. IEEE. 2021.

  33. Vaarandi R. Real-time classification of IDS alerts with data mining techniques. In: MILCOM 2009–2009 IEEE Military Communications Conference, pp. 1–7. IEEE. 2009.

  34. Sung AH, Mukkamala S. Identifying important features for intrusion detection using support vector machines and neural networks. In: 2003 Symposium on Applications and the Internet, 2003. Proceedings, pp.209–216. IEEE. 2003.

Download references

Author information

Author notes

  1. Ravi Shanker, Vishu Madaan and Prateek Agrawa have contributed equally to this work.

Authors and Affiliations

  1. Computer Science and Engineering, Lovely Professional University, Jalandhar-Delhi G.T. Road (NH-1), Phagwara, Punjab, 144411, India

    Ravi Shanker, Vishu Madaan & Prateek Agrawal

Authors
  1. Ravi Shanker
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vishu Madaan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Prateek Agrawal
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Prateek Agrawal.

Ethics declarations

Conflict of Interest

On behalf of all authors, the corresponding author states that there is no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the topical collection “Research Trends in Communication and Network Technologies” guest edited by Anshul Verma, Pradeepika Verma and Kiran Kumar Pattanaik.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Shanker, R., Madaan, V. & Agrawal, P. FSS-PART: Feature Grouping Subset Model for Predicting Network Attacks. SN COMPUT. SCI. 5, 94 (2024). https://doi.org/10.1007/s42979-023-02415-7

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s42979-023-02415-7

Keywords

Search

Navigation