Machine learning techniques for behavioral feature selection in network intrusion detection systems

Vicente Martinez, Rodrigo Salas, Oliver Tessini, Romina Torres

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Scopus citations

Abstract

Information systems are prone to receiving multiple types of attacks over the network. Therefore, Network Intrusion Detection Systems (NIDSs) analyze the behavior of the network traffic to detect anomalies and eventual cyberattacks. The NIDS must be able to detect these cyberattacks in an efficient and effective manner based on a set of features where it is expected that the performance depends on both the selected features and the machine learning technique used. The main goal of this work is to identify the most relevant characteristics required to detect, with a high sensitivity and precision, between normal traffic and a network intrusion, together with the most relevant features associated to the identification of a specific type of attack. In this work, a comparative study of different decision tree-based machine learning techniques combined with several feature selection techniques in order to accomplish the goal. Random Forest and the XGBoost achieved a performance that reaches up to 98.5% in the F-measure when the complete set of features were used. Results show the performance was just slightly reduced to 98% when the 10 most relevant features were used. Moreover, results also show that the model using only the 10 most relevant features was able to separately identify the type of attack with a performance of at least 90% in the F-measure. We conclude that it is possible to obtain and rank a subset of the most relevant features that characterize the intrusion pattern in the network traffic in order to support the decision of how many features to include during runtime under a real network environment.

Original languageEnglish
Title of host publicationIET Conference Proceedings
PublisherInstitution of Engineering and Technology
Pages109-114
Number of pages6
Volume2021
Edition1
ISBN (Electronic)9781839534300
DOIs
StatePublished - 2021
Externally publishedYes
Event11th International Conference of Pattern Recognition Systems, ICPRS 2021 - Virtual, Online
Duration: 17 Mar 202119 Mar 2021

Conference

Conference11th International Conference of Pattern Recognition Systems, ICPRS 2021
CityVirtual, Online
Period17/03/2119/03/21

Keywords

  • Feature Selection
  • Intrusion Detection
  • Machine Learning
  • UNSW-NB 15

Fingerprint

Dive into the research topics of 'Machine learning techniques for behavioral feature selection in network intrusion detection systems'. Together they form a unique fingerprint.

Cite this