An anomaly-based intrusion detection system using recursive feature elimination technique for improved attack detection

Abstract

The explosive growth of Internet and technologies has resulted in better life-changing services to the society. This drastic change has invariably kept the users connected to the Internet uninterruptedly. The adversaries might exploit this “always-on” Internet connection and would jeopardize the network infrastructure through malicious activities using the networks' hardware and software vulnerabilities. However, the network traffic volume poses difficulties for the cyber analyst to monitor, detect, identify, and quickly respond to the network attacks. Therefore it is paramount to protect the integrity, availability, confidentiality of the network infrastructure, and its digital assets by deploying Intrusion Detection Systems. However, augmenting new techniques avoids overwhelming the analysts from a myriad of events. This research aims to analyze the traffic for the significant features that assist in reliable intrusion detection and minimize the resource requirements and computational complexity of the detection process. The proposed method uses Recursive Feature Elimination technique to rank features based on feature importance and Random Forest algorithm performs the attack classification. The experimental findings show these significant 21 features are useful in anomaly detection with an accuracy of 99.83% for binary attack detection, 99.69% for multiclass classification with an execution time of 20 seconds, and 39 seconds respectively on the NSL-KDD dataset.