Authors:
Göcs László, Johanyák Zsolt Csaba
Abstract
Intrusion detection systems (IDSs) are essential elements of IT systems. Their key component is a classification module that continuously evaluates selected features of the network traffic and identifies possible threats. The effectiveness of this module depends heavily on which features are monitored. Identifying a minimal set of features that reliably distinguishes malicious traffic from benign traffic is therefore indispensable when developing an IDS. This paper presents a preprocessing and feature selection workflow, together with its results, for the CSE-CIC-IDS2018 on AWS dataset, focusing on five attack types. To identify the relevant features, six feature selection methods were applied, and the final ranking of the features was derived from their average score. Several feature subsets were then formed using different ranking threshold values, and each subset was evaluated with five classification algorithms to determine the optimal feature set for each attack type. Four widely used metrics were considered in the evaluation.
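The ranking and subset-forming steps described in the abstract can be illustrated with a minimal sketch. It is not the authors' implementation: the abstract does not name the six methods or say whether scores were normalized before averaging, so the min-max normalization, the three placeholder methods, the feature names, the score values, and the thresholds below are all assumptions made for illustration. The subsequent step of training the five classifiers on each subset is omitted.

```python
from statistics import mean


def min_max_normalize(scores):
    """Rescale one method's scores to [0, 1] so methods are comparable (assumed step)."""
    lo, hi = min(scores.values()), max(scores.values())
    if hi == lo:
        return {name: 0.0 for name in scores}
    return {name: (value - lo) / (hi - lo) for name, value in scores.items()}


def average_ranking(method_scores):
    """Return (feature, mean normalized score) pairs, highest score first."""
    normalized = [min_max_normalize(s) for s in method_scores.values()]
    features = list(normalized[0])
    averaged = {f: mean(n[f] for n in normalized) for f in features}
    return sorted(averaged.items(), key=lambda item: item[1], reverse=True)


def subsets_by_threshold(ranking, thresholds):
    """Map each threshold to the features whose average score reaches it."""
    return {t: [f for f, score in ranking if score >= t] for t in thresholds}


# Made-up scores from three hypothetical selection methods (the paper uses six).
method_scores = {
    "method_a": {"flow_duration": 10, "pkt_len_mean": 6, "fwd_pkts": 2, "dst_port": 4},
    "method_b": {"flow_duration": 0.8, "pkt_len_mean": 1.0, "fwd_pkts": 0.0, "dst_port": 0.2},
    "method_c": {"flow_duration": 3, "pkt_len_mean": 2, "fwd_pkts": 1, "dst_port": 1},
}

ranking = average_ranking(method_scores)
subsets = subsets_by_threshold(ranking, thresholds=[0.5, 0.1])

for threshold, features in subsets.items():
    print(threshold, features)
```

Each resulting subset would then be passed to the classifiers, and the subset giving the best metric values for a given attack type would be kept.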