Enhancing Intrusion Detection System Performance through Feature Selection

Abstract

Network intrusion detection systems are critical for identifying anomalous activities and cyberthreats. The anomaly detection method for network intrusion detection systems has become substantial in detecting novel attacks in intrusion detection systems. Achieving high accuracy with the lowest false alarm rate is a significant challenge in designing an intrusion detection system. Network intrusion detection systems based on machine learning methods are effective and accurate in detecting network attacks. It also highlights the importance of using various feature selection techniques to identify the optimal subset of features. This paper investigates enhancing network intrusion detection systems performance through correlation analysis and feature selection on the part of the NF-UQ- NIDS-v2 NetFlow dataset that will be used for training and testing our models. In our experiments, binary classification configurations were considered. Two approaches are explored: applying feature selection methods directly to the initial 39 features set, and performing correlation analysis to eliminate redundant features then applying feature selection methods. Recursive feature elimination, mutual information, and One-way ANOVA methods select optimized feature subsets. An ExtraTrees ensemble classifier performs binary classification of benign and traffic under attack. Results indicate that employing Recursive feature elimination on 8 features after performing correlation analysis yields the most promising outcomes. It achieves a high detection accuracy of 98.13%, recall of 98.23%, and Area Under Curve of 99.73%. Notably, it substantially reduces the false alarm rate by 53.73% compared to using all 39 features bringing it to 0.3589%, and decreases the scoring time by 34.21%, resulting in an efficient scoring time.