Network Attacks Detection Depend on Majority Voting – Weighted Average for Feature Selection and Various Machine Learning Approaches

Abstract

Due to the enormous growth in Internet usage and computer networks in recent years, new risks and challenges have arisen to network security. Among lots of security problems, network attack is a significant one. For instance, Distributed Denial of Service (DDoS) attacks have become appealing to intruders, and these have presented destructive threats to network infrastructures. Thus, Intrusion Detection Systems (IDSs) and Machine Learning (ML) approaches play a key role to detect such attacks effectively and efficiently. An essential part of several classification issues is the feature selection phase because to detect DDoS attacks depends on how one selects the minimal and relevant features in the network traffics. Unlike recent studies, in this work, a real-life SNMP-MIB dataset is used, as well as, we suggest an Ensemble-Weighted average approach (EnWaFS) that excludes the irrelevant features. An EnWaFS approach consists of two methods, first, Ensemble features by using a majority-voting method that mixed the outcomes of three feature selection approaches, second, a weighted average method that gives one weight for each feature and diminishes also the number of attributes. To evaluate an EnWaFS approach, we have performed four Machine Learning classifiers Neural network (Multi-Layer Perceptron), Vector Support Machine (SVM), Naïve Bayes (NB), and Random Forest (RF) utilizing the optimal set of attributes. The results reveal that our EnWaFS approach can efficiently decrease the number of attributes from 34 to 12 and also, from four ML classifiers were used, the RF technique achieved better performance due to the accuracy, sensitivity (recall), F-1 measure, precision, true-positive-rate, and the false-positive-rate which is decreased.