M-MultiSVM: An efficient feature selection assisted network intrusion detection system using machine learning

Abstract

The intrusions are increasing daily, so there is a huge amount of privacy violations, financial loss, illegal transferring of information, etc. Various forms of intrusion occur in networks, such as menacing networks, computer resources and network information. Each type of intrusion focuses on specified tasks, whereas the hackers may focus on stealing confidential data, industrial secrets and personal information, which is then leaked to others for illegal gains. Due to the false detection of attacks in the security and changing environmental fields, limitations like data lagging on actual attacks and sustaining financial harms occur. To resolve this, automatic abnormality detection systems are required to secure the required computing ability and to analyze the attacks. Hence, an efficient automated intrusion detection system using machine learning methodology is proposed in this research paper. Initially, the data are gathered from CSE-CIC-IDS 2018 and UNSW-NB15 datasets. The acquired data are pre-processed using Null value handling and Min-Max normalization. Null value handling is used to remove missing values and irrelevant parameters. Min-Max normalization adjusted the unnormalized data in the pre-processing stage. After pre-processing, the class imbalance problem is reduced by using the Advanced Synthetic Minority Oversampling Technique (ASmoT). ASmoT aims to balance the class and reduce imbalance class problems and overfitting issues. The next phase is feature extraction, which is performed by Modified Singular Value Decomposition (M-SvD). M-SvD extracts essential features such as basic features, content features and traffic features from the input. The extracted features are optimized by the Opposition-based Northern Goshawk Optimization algorithm (ONgO). These optimal features are able to produce optimal output. After feature selection, the different types of attacks are classified by a hybrid machine learning model called Mud Ring assisted multilayer support vector machine (M-MultiSVM) and finally, the hyperparameters are tuned by the Mud Ring optimization algorithm. Thus, the proposed M-MultiSVM model can efficiently detect intrusion in the network. The performance metrics show that the proposed system achieved 99.89 % accuracy by using the CSE-CIC-IDS 2018 dataset; also, the proposed system achieved 97.535 % accuracy by using the UNSW-NB15 dataset.