Design and performance analysis of various feature selection methods for anomaly‐based techniques in intrusion detection system

Abstract

Intrusion detection system (IDS) is essential for the network; the intruder can steal sensitive information about networks. The IDS must have the ability to take care of large and real‐time data. The predicted rate must be high based on the available attribute. This work deals with a real intrusion detection problem, by its behavior. In this paper, we developed a hybrid model, which can detect intrusion by its action. We used an NSL‐KDD data set, the multiclass problem and binary problems are 25% tested. This model can be used to guess the availability of intrusion, able to determine the scope of intrusions based on the transaction of data in the network; training requires optimal features of a network transaction. The accuracy of the model is better for both binary class for the multiclass in NSL‐KDD data set. The complication of false data alarm rates is the most significant challenge in the IDS system, and it may be the low false rate or high false rate. Proposed work also addresses this problem. The first step that data will be filtered by Vote algorithm, the Information Gain will get associated with a base learner, to choose the necessary features, which directly affects the accuracy of the model. It uses the following classifier: RandomTree, REPTree, RandomForrest AdaBoostM1, Meta Pagging, DesicionStump, J48, LMT, Bagging, and Naive Bayes. On the based on the proposed model, it is observed as low false rate, high accuracy.