UNSW-NB15 Dataset Research Articles

A comparative assessment of machine learning algorithms in the IoT-based network intrusion detection systems

The rapid increase in online risks is a reflection of the exponential growth of Internet of Things (IoT) networks. Researchers have proposed numerous intrusion detection techniques to mitigate the harm caused by these threats. Enterprises use intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) to keep their networks safe, stable, and accessible. Network intrusion detection solutions have lately integrated powerful Machine Learning (ML) techniques to safeguard IoT networks. Selecting the proper data features for effectively training such ML models is critical to maximizing detection accuracy and computational efficiency. However, the efficiency of these systems degrades in high-dimensional data spaces, and it is crucial to have a suitable feature extraction method to eliminate extraneous data from the classification procedure. The detection accuracy and false positive rate of many ML-based IDSs also rise when the samples used to train the models are unbalanced. This study provides a detailed overview of the UNSW-NB15(DS-1) and NF-UNSWNB15(DS-2) datasets for intrusion detection, which will be utilized to develop and evaluate our models. In addition, this model uses the MaxAbsScaler algorithm to implement a filter-based feature scaling strategy . Then, use the condensed feature set to perform several ML techniques, including Support Vector Machines (SVM), K-nearest neighbors (KNN), Logistic Regression (LR), Naive Bayes (NB), Decision Tree (DT), and Random Forest (RF), considering multiclass classification. Accuracy tests for the multiclass classification scheme were improved from 60% to 94% using the MaxAbsScaler-based feature scaling method.

Performance comparison analysis of classification methodologies for effective detection of intrusions

Intrusion detection systems (IDS) are critical in many applications, including cloud environments. The intrusion poses a security threat and extracts privacy data and information from the cloud. Additionally, intrusions can cause damage to system hardware, resulting in significant financial losses and exposing critical IT infrastructure to risk. To overcome these issues, this study employs the performance comparison analysis for IDS, which has been performed with different models like Autoencoder Convolutional neural network (AE+CNN), Random forest K-means clustering assisted deep neural network (RF+K-means+DNN), Autoencoder K-means clustering assisted long short term memory (AE+K-means+LSTM), Alexnet+Bi-GRU, AE+Alexnet+Bi-GRU and Wild horse AlexNet assisted Bi-directional Gated Recurrent Unit (WABi-GRU) models to choose the best methodology for effective detection of intrusions. The data needed for the analysis is collected from CICIDS2018, UNSW-NB15, NSL-KDD and ToN-IoT datasets. The collected data are pre-processed using data normalization and data cleaning. Finally, the best model has been chosen for effective intrusion detection, which is used for further processes. Various performances, such as accuracy, precision, recall, and f1-score, are analyzed for various existing and proposed models. From this performance comparison of six models such as AE+CNN, RF+K-means+DNN, AE+K-means+LSTM, Alexnet+Bi-GRU, AE+Alexnet+Bi-GRU and WABi-GRU. WABi-GRU can attain an accuracy of 99.890 % for multi-class classification in the CICIDS 2018 dataset, 99.7 % in the NSL-KDD dataset, 99.53 % in the UNSW-NB 15 dataset and 99.988 % for the ToN-IoT dataset. In this analysis, the models containing AlexNet Bi-GRU-based models can obtain better performances than other existing models. The WABi-GRU model can obtain better results than other models.

SYN-GAN: A robust intrusion detection system using GAN-based synthetic data for IoT security

As technological communication progresses, diverse datasets are exchanged across distributed environments using the Internet of Things (IoT). However, the IoT environment is vulnerable to attacking and breaching data privacy or making a robust system worse by providing attack data. To address potential risks of attacks, researchers have been conducting experiments on network intrusion detection systems (NIDS) to mitigate threats effectively. The issue of data imbalance and associated data collection costs persists, hindering the ability of machine learning (ML) models to learn malicious behaviour effectively and consequently impacting the accuracy of network threat detection. Addressing these issues, our study explores the potential of using 100% synthetic data generated via Generative Adversarial Networks (GAN) for training ML models in Network Intrusion Detection Systems (NIDS). This approach reduces the dependency on real-world data significantly, paving the way for a more flexible and ethically convenient model-building process. For the UNSW-NB15 dataset, we achieved an accuracy of 90%, a precision of 91%, a recall of 90%, and an F1 score of 89%. For the NSL-KDD dataset, our results showed an accuracy of 84%, a precision of 85%, a recall of 84%, and an F1 score of 84%. For the BoT-IoT dataset, we attained perfect scores of 100% across all metrics. These outcomes indicate that the values obtained from our analysis demonstrate high performance, yielding comparative or superior results to previous studies. Therefore, our study successfully replicates real-world network intrusion detection data, showing new opportunities for the use of generative data in cyber security.

Detection of Botnet in IOT Using Machine Learning

The proliferation of Internet of Things (IoT) devices has introduced unprecedented connectivity and convenience but also heightened the vulnerability to botnet attacks. There are an increasing number of Internet of Things (IoT) devices connected to the network these days, and due to the advancement in technology, the security threads and cyberattacks, such as botnets, are emerging and evolving rapidly with high-risk attacks. These attacks disrupt IoT transition by disrupting networks and services for IoT devices. Many recent studies have proposed ML and DL techniques for detecting and classifying botnet attacks in the IoT environment. This project presents a straightforward approach to detect botnet activity within IoT networks through the utilization of machine learning techniques. By analyzing network traffic patterns and employing unsupervised learning algorithms, we demonstrate an effective method to identify and mitigate botnet threats in IoT environments. By this project we intend to offer a valuable contribution in enhancing the security of IoT ecosystem. Key Word: Internet of Things(IoT),cybersecurity, botnet attacks, machine learning(ML),UNSW-NB15 dataset, exploratory data analysis, XgBoost

A Feature-Selection Method Based on Graph Symmetry Structure in Complex Networks

This study aims to address the issue of redundancy and interference in data-collection systems by proposing a novel feature-selection method based on maximum information coefficient (MIC) and graph symmetry structure in complex-network theory. The method involves establishing a weighted feature network, identifying key features using dominance set and node strength, and employing the binary particle-swarm algorithm and LS-SVM algorithm for solving and validation. The model is implemented on the UNSW-NB15 and UCI datasets, demonstrating noteworthy results. In comparison to the prediction methods within the datasets, the model’s running speed is significantly reduced, decreasing from 29.8 s to 6.3 s. Furthermore, when benchmarked against state-of-the-art feature-selection algorithms, the model achieves an impressive average accuracy of 90.3%, with an average time consumption of 6.3 s. These outcomes highlight the model’s superiority in terms of both efficiency and accuracy.

Cyberattack Analysis, Detection and Prevention using Machine Learning

Abstract: In today's linked world, with the increase of cyberattacks, it is critical to have strong detection and prevention systems. This study presents an advanced approach utilizing both machine learning and deep learning algorithms for cyberattack detection and prevention. The UNSW-NB15 dataset, renowned for its comprehensive representation of diverse cyber threats, serves as the foundation for experimentation and evaluation. Several algorithms such as Random Forest, Naïve Bayes, boosting algorithms, Artificial neural networks, Support vector machine are employed where the comparative analysis focuses on evaluating the efficiency of each algorithm in terms of recall, precision, and accuracy metrics. This study enhances the development of cybersecurity defense tactics by offering valuable perspectives on the efficacy of different machine learning methods in predicting cyberattacks. Experimental findings indicate that the boosting algorithm strategy is capable of identifying and preventing cyber threats with an accuracy rate of 94%.

Empowering Smart City IoT Network Intrusion Detection with Advanced Ensemble Learning-based Feature Selection

This study presents an advanced methodology tailored for enhancing the performance of Intrusion Detection Systems (IDS) deployed in Internet of Things (IoT) networks within smart city environments. Through the integration of advanced techniques in data preprocessing, feature selection, and ensemble classification, the proposed approach addresses the unique challenges associated with securing IoT networks in urban settings. Leveraging techniques such as SelectKBest, Recursive Feature Elimination (RFE), and Principal Component Analysis (PCA), combined with the Gradient-Based One Side Sampling (GOSS) technique for model training, the methodology achieves high accuracy, precision, recall, and F1 score across various evaluation scenarios. Evaluation on the UNSW-NB15 dataset demonstrates the effectiveness of the proposed approach, with comparative analysis showcasing its superiority over existing techniques.

Improved deep learning intrusion detection model based on GAN data enhancement

With the development of information technology, the number and methods of cyber attacks continue to increase, making network security issues increasingly important. Intrusion detection has become a vital means of dealing with cyber threats. Current intrusion detection methods predominantly rely on machine learning. However, machine learning suffers from limitations in detection capability and the requirement for extensive feature engineering. Additionally, current intrusion detection datasets face the challenge of data imbalance. To address these challenges, this paper proposes a novel solution leveraging Generative Adversarial Networks (GANs) to balance the dataset and introduces an attention mechanism into the generator to efficiently extract key feature information, the mechanism can effectively sort the key information of the data and quickly capture important features. Subsequently, a combination of 1D Convolutional Neural Networks (1DCNN) and Bidirectional Gated Recurrent Units (BiGRU) is employed to construct a classification model capable of extracting both spatial and temporal features. Furthermore, Particle Swarm Optimization (PSO) is utilized to optimize the input weights and hidden biases of the model, so as to further improve the accuracy and robustness of the model. Finally, the model is trained and implemented for network intrusion detection. To demonstrate the applicability of the model, experiments were conducted using the NSL-KDD dataset and the UNSW-NB15 dataset. The final results showed that the proposed model outperformed other models, achieving accuracies of 99.15% and 97.33% on the respective datasets. This indicates that the model improves the efficiency of network intrusion detection and better ensures the effectiveness of network security.

Performance Analysis of Random Forest Algorithm for Network Anomaly Detection using Feature Selection

As the volume and complexity of computer network traffic continue to increase, network administrators face a growing challenge in monitoring and discovering unusual activity. To keep the network safe and functioning, detecting anomalies is essential. Machine learning-based anomaly detection techniques have become increasingly popular in recent years. This is due to the fact that conventional anomaly detection methods make it difficult to detect unknown and complex attacks. This research aims to conduct a performance analysis of two feature selection methods using the random forest algorithm using the UNSW-NB15 dataset to determine which model is most effective in detecting network traffic anomalies. The models evaluated were random forest with the filter method and random forest with the wrapper method. A number of metrics used for model performance assessment are accuracy, F1-score, receiver operating characteristic curve, and precision-recall. Dataset collection, data pre-processing, feature selection, model construction, and evaluation are the main components of the research methodology. The research results show that the Random Forest approach with the Filter method has an accuracy of 0.8950, F1-score of 0.8333, ROC score of 0.8928, and a precision-recall value of 0.8347. Meanwhile, the approach using the Wrapper method obtained an accuracy of 0.9151, F1-score of 0.8510, ROC score of 0.9136, and a precision-recall value of 0.8637. This shows that the performance of Random Forest with the Wrapper method is superior in all assessment metrics. Random Forest with the Wrapper Method is the right choice of model for detecting network traffic anomalies because of its stable performance and ability to handle complex patterns

Self-healing hybrid intrusion detection system: an ensemble machine learning approach

The increasing complexity and adversity of cyber-attacks have prompted discussions in the cyber scenario for a prognosticate approach, rather than a reactionary one. In this paper, a signature-based intrusion detection system has been built based on C5 classifiers, to classify packets into normal and attack categories. Next, an anomaly-based intrusion detection was built based on the LSTM (Long-Short Term Memory) algorithm to detect anomalies. These anomalies are then fed into the signature generator to extract attributes. These attributes get uploaded into the C5 training set, aiding the ensemble model in continual learning with expanding signatures of unknown attacks. By generating signatures of unknown attacks, the self-healing attribute of the ensemble model contributes to the early detection of attacks. For the C5 classifier, the proposed model is evaluated on the UNSW-NB15 dataset, while for the LSTM model, it is evaluated on the ADFA-LD dataset. Compared to conventional models, the experimental results show better detection rates for both known and unknown attacks. The C5 classifier achieved a True Positive Rate of 97% while maintaining a false positive rate of 8%. Also, the LSTM model achieved a detection rate of 90% while retaining a 17% False Alarm Rate. As the proposed model learns, its performance in real network traffic also improves and it also eliminates human intervention when updating training data.

Intrusion Detection using Deep Learning

The focus of cloud computing nowadays has been reshaping the digital epoch, in which clients now face serious concerns about the security and privacy of their data hosted in the cloud, as well as increasingly sophisticated and frequent cyber attacks. Therefore, it has become imperative for both individuals and organizations to implement a robust intrusion detection system (IDS) capable of monitoring packets in the network, distinguishing between benign and malicious behaviour, and detecting the type of attacks. IDS based on ML are efficient and precise in spotting network threats. Yet, for large dimensional data sizes, the performance of these systems decreases. Thus, it is critical to build a suitable feature selection approach that selects necessary features without having an impact on the classification process or causing information loss. Furthermore, training ML models on unbalanced datasets show a rising false positive rate (FPR) and a lowering detection rate (DR). In this paper, we present an improved cloud IDS designed by incorporating the synthetic minority over-sampling technique (SMOTE) to address the imbalanced data issue, and for feature selection, we propose to use a hybrid approach that includes three techniques: information gain (IG), chi-square (CS), and particle swarm optimization (PSO). Finally, the random forest (RF) model is utilized for detecting and classifying various types of attacks. The suggested system has been verified by the UNSW-NB15 and Kyoto datasets, achieving accuracies of over 98% and 99% in the multi-class classification scenario, respectively. It was noticed that an intrusion detection system with fewer informative features would operate more effectively. The simulation results significantly outperform other methodologies proposed in the related work in terms of different evaluation metrics.

Developing a hybrid feature selection method to detect botnet attacks in IoT devices

The Internet of Things, or IoT, is an important technology applied in various applications such as smart homes and innovative healthcare. Due to its architecture, IoT-based devices suffer from various security challenges, most commonly, botnet attacks. This article aims to develop a hybrid feature selection method to find the most influential features based on three feature selection methods, correlation, generalized normal distribution optimization, and lasso, to detect botnet attacks in IoT devices. The UNSW-NB15 dataset is used to assess the proposed system. Several classification models including decision tree (DT), random forest (RF), k-nearest neighbors (KNN), adaptive boosting (AdaBoost), and bagging are utilized for the classification purpose. The proposed system was evaluated using several performance metrics. The results showed the correlation feature selection method had the most accurate botnet attack detection rate. RF also outperformed other models with a 95.11% detection rate in binary classification and 83.96% in multi-classification. On the other hand, results showed that the proposed hybrid method outperformed the feature selection methods with an increase of about 3% in both classifications. The AdaBoost model achieved an accuracy of 99.28% with binary classification by using 18 features, and the RF model achieved an accuracy of 86.62% with multi-classification by using 22 features. The robustness and efficacy of the proposed approach were demonstrated by comparing the study's results with several other studies that have used the same dataset. The results of the study can be implemented in real applications to detect network interference of a dynamic nature in real-time and assist intrusion detection systems (IDS) in addressing these attacks.

ResNet50-1D-CNN: A new lightweight resNet50-One-dimensional convolution neural network transfer learning-based approach for improved intrusion detection in cyber-physical systems

The cyber-physical system (CPS) plays a crucial role in supporting critical infrastructure like water treatment facilities, gas stations, air conditioning components, and smart grids, which are essential to society. However, these systems are facing a growing susceptibility to a wide range of emerging attacks. Cyber-attacks against CPS have the potential to cause disruptions in the accurate sensing and actuation processes, resulting in significant harm to physical entities and posing concerns for the overall safety of society. Unlike common security measures like firewalls and encryption, which often aren't enough to deal with the unique problems that CPS architectures present, deploying machine learning-based intrusion detection systems (IDS) that are specifically made for CPS has become an important way to make them safer. The application of machine learning algorithms has been suggested as a means of mitigating cyber-attacks on CPS. However, the limited availability of labelled data pertaining to emerging attack techniques poses a significant challenge to the accurate detection of such attacks. In the given scenario, transfer learning emerges as a promising methodology for the detection of cyber-attacks, as it involves the implicit modelling of the system. In this research, we propose a new lightweight transfer learning method via ResNet50-CNN1D for intrusion detection in CPS. The Adaptive Gradient (Adagrad) optimizer was applied in the proposed model to minimize the loss function through the adjustment of network weight. We tested how well the suggested ResNet50-1D-CNN model worked using the UNSW-NB15 dataset and a control system dataset called HAI. The HAI dataset was taken from the testbed and based on a planned physical attack scenario. By calculating the coefficient scores for the top ten (10) features in the HAI and UNSW-NB15 data, it was possible to determine the relevance of a feature. The rationale behind employing transfer learning was to mitigate the complexity associated with the classification of cyber-attacks and runtime. The utilization of transfer learning resulted in notable reductions in both the training and testing times required for the detection of attacks. On the HAI data, the results showed an accuracy of 97.32 %, recall of 98.41 %, F1-score of 96.32 %, and precision of 97.09 %. On the UNSW-NB15 data, the results showed an accuracy of 99.89 %, recall of 99.09 %, F1-score of 98.01 %, and precision of 98.70 %.

Enhancing Industrial IoT Security: Utilizing Blockchain-Assisted Deep Federated Learning for Collaborative Intrusion Detection

The Industrial Internet of Things (IIoT) is a rapidly evolving features with multiple applications, including critical infrastructure. Privacy policies are required to preserve the protection of user data in the threat intelligence community. Blockchain is a modern technology which used recently to provide more secure storage and efficiency. In this research, Blockchain Assisted Deep Federated Learning (BC_DFL) system is used to detect intruders. The three key processes used in the proposed intrusion detection architecture are data collection, pre-processing and intrusion detection. Data normalization, reduction, cleaning and transformation are used in pre-processing to remove extraneous information and improve data quality. This pre-processed data is sent to the Blockchain Assisted Deep Federated Learning (BC_DFL) system for intrusion detection. To detect intruders, the federated learning-based Capsule Auto-Encoder (FL_CAE) architecture first learns the properties from the inputs. Blockchain technology (BCTech) is not only used for storage but also improves security by eliminating the possibility of threatening node and individual server failure. The ToN_IoT and UNSW-NB15 data sets are used in the implementation and performance evaluation study. The proposed model is evaluated using existing in the Results section. In the UNSW-NB15 dataset, proposed model achieved an accuracy, precision, recall and F1 score of 97.26%, 97.28%, 96.89% and 96.96% respectively as well as in ToN_IoT data set proposed model achieved an accuracy, precision, recall and F1 score of 95.74%, 99.54 %, 99.49% and 99.24%, respectively. The execution of the proposed approach takes 2.31 seconds in the UNSW-NB15 dataset and 1.66 seconds in the ToN_IoT dataset. Blockchain offers a transparent and impenetrable ledger for transaction recording and verification. Within the framework of cooperative intrusion detection, it guarantees a secure and reliable exchange of threat intelligence and detection models between various users of IIoT ecosystem.

Cloud Intrusion Detection System

Cloud computing is currently reshaping the digital landscape, with a heightened focus on security and privacy concerns for data stored in the cloud. As cyberattacks grow in sophistication and frequency, individuals and organizations alike must prioritize robust intrusion detection systems (IDS). These systems, particularly those utilizing machine learning (ML), excel at identifying network threats but face challenges with large data sizes, leading to decreased performance. Effective feature selection becomes crucial to maintain classification accuracy and prevent information loss. Additionally, addressing imbalanced datasets is vital to mitigate false positives and enhance detection rates. In this study, we propose an enhanced cloud IDS integrating the synthetic minority oversampling technique (SMOTE) for data imbalance and a hybrid feature selection method combining information gain (IG), chi-square (CS), and particle swarm optimization (PSO). Leveraging the random forest (RF) model, our system achieves exceptional accuracies exceeding 98% and 99% on the UNSW-NB15 and Kyoto datasets, respectively. Notably, fewer informative features enhance system efficiency, as evidenced by superior performance compared to existing methodologies

IoT Threat Mitigation: Leveraging Deep Learning for Intrusion Detection

The growth of smart gadgets connected via the Internet of Things (IoT) in today’s modern technology landscape has substantially improved our everyday lives. However, this convenience is juxtaposed with a concomitant surge in cyber threats capable of compromising the integrity of these interconnected systems. Conventional intrusion detection systems (IDS) prove inadequate for IoT due to the unique challenges they present. We propose and evaluate an intrusion detection system (IDS) based on a hybrid Convolutional Neural Network-Long Short-Term Memory (CNN-LSTM) model in this paper. The model is designed to capture both temporal and spatial patterns in network data, offering a robust solution for detecting malicious activities within IoT environments. The CNN-LSTM model displayed excellent accuracy, reaching 98% in both multi-class and binary classifications when trained on the UNSW-NB15 dataset. Furthermore, we explore the real-world applicability of the model through testing on Raspberry Pi, showcasing its effectiveness in IoT scenarios. The system is augmented with alert mechanisms, promptly notifying relevant parties upon intrusion detection. Our findings highlight the CNN-LSTM model's efficacy in strengthening IoT network security.

Robust network anomaly detection using ensemble learning approach and explainable artificial intelligence (XAI)

Intrusion Detection Systems, specifically Network Anomaly Detection Systems (NADSs) are vital tools in network security. The NADSs are affected by data imbalance issues in classifying minority classes. Also, designing an efficient detection framework is sought after to achieve a higher detection rate for minority classes, especially when utilizing ensemble learning methods. To solve the issue of imbalanced data, a hybrid method of sampling techniques is proposed. This imbalance processing tool integrates the Synthetic Minority Oversampling Technique (SMOTE) and the K-means clustering algorithm (SKM). SMOTE over-samples the minority class, and K-means is used to perform a cluster-based under-sampling. We use Denoising Autoencoder (DAE) to select the top 15 features to reduce data dimensionality based on their higher weights. For anomaly detection, the XGBoost algorithm is deployed and the SHapley Additive exPlanation (SHAP) approach is deployed to provide explanations of the proposed techniques. The performance of the SKM-XGB model is assessed using the NSL-KDD and UNSW-NB15 datasets. A comparative analysis and series of experiments were carried out using several ensemble models with multiple base classifiers. The experimental findings indicate that the model's detection rate for binary classification and multiclass classification using the UNSW-NB15 dataset is 99.01% and 97.49%, respectively. The model achieves a 99.37% detection rate for binary classification and a 99.22% detection rate for multiclass classification on the NSL-KDD dataset. We conducted a comparative analysis of various ensemble models with multiple base classifiers. The results indicate that SKM-XGB outperforms the other investigated models and outperforms the performance of state-of-the-art models.

Improving Intrusion Detection using Satin Bowerbird Optimization with Deep Learning Model for IIoT Environment

Intrusion Detection in the Industrial Internet of Things (IIoT) concentrations on the security and safety of critical structures and industrial developments. IIoT extends IoT principles to industrial environments, but linked sensors and devices can be deployed for monitoring, automation, and control of manufacturing, energy, and other critical systems. Intrusion detection systems (IDS) in IoT drive to monitor network traffic, device behavior, and system anomalies for detecting and responding to security breaches. These IDS solutions exploit a range of systems comprising signature-based detection, anomaly detection, machine learning (ML), and behavioral analysis, for identifying suspicious actions like device tampering, unauthorized access, data exfiltration, and denial-of-service (DoS) attacks. This study presents an Improving Intrusion Detection using Satin Bowerbird Optimization with Deep Learning (IID-SBODL) model for IIoT Environment. The IID-SBODL technique initially preprocesses the input data for compatibility. Next, the IID-SBODL technique applies Echo State Network (ESN) model for effectual recognition and classification of the intrusions. Finally, the SBO algorithm optimizes the configuration of the ESN, boosting its capability for precise identification of anomalies and significant security breaches within IIoT networks. By widespread simulation evaluation, the experimental results pointed out that the IID-SBODL technique reaches maximum detection rate and improves the security of the IIoT environment. Through comprehensive experimentation on both UNSW-NB15 and UCI SECOM datasets, the model exhibited exceptional performance, achieving an average accuracy of 99.55% and 98.87%, precision of 98.90% and 98.93%, recall of 98.87% and 98.80%, and F-score of 98.88% and 98.87% for the respective datasets. The IID-SBODL model contributes to the development of robust intrusion detection mechanisms for safeguarding critical industrial processes in the era of interconnected and smart IIoT environments.

A Novel Hybrid Feature Selection with Cascaded LSTM: Enhancing Security in IoT Networks

The rapid growth of the Internet of Things (IoT) has created a situation where a huge amount of sensitive data is constantly being created and sent through many devices, making data security a top priority. In the complex network of IoT, detecting intrusions becomes a key part of strengthening security. Since IoT environments can be easily affected by a wide range of cyber threats, intrusion detection systems (IDS) are crucial for quickly finding and dealing with potential intrusions as they happen. IDS datasets can have a wide range of features, from just a few to several hundreds or even thousands. Managing such large datasets is a big challenge, requiring a lot of computer power and leading to long processing times. To build an efficient IDS, this article introduces a combined feature selection strategy using recursive feature elimination and information gain. Then, a cascaded long–short-term memory is used to improve attack classifications. This method achieved an accuracy of 98.96% and 99.30% on the NSL-KDD and UNSW-NB15 datasets, respectively, for performing binary classification. This research provides a practical strategy for improving the effectiveness and accuracy of intrusion detection in IoT networks.

A novel data-driven integrated detection method for network intrusion classification based on multi-feature imbalanced data

The multi-feature and imbalanced nature of network data has always been a challenge to be overcome in the field of network intrusion detection. The redundant features in data could reduce the overall quality of network data and the accuracy of detection models, because imbalance could lead to a decrease in the detection rate for minority classes. To improve the detection accuracy for imbalanced intrusion data, we develop a data-driven integrated detection method, which utilizes Recursive Feature Elimination (RFE) for feature selection, and screens out features that are conducive to model recognition for improving the overall quality of data analysis. In this work, we also apply the Adaptive Synthetic Sampling (ADASYN) method to generate the input data close to the original dataset, which aims to eliminate the data imbalance in the studied intrusion detection model. Besides, a novel VGG-ResNet classification algorithm is also proposed via integrating the convolutional block with the output feature map size of 128 from the Visual Geometry Group 16 (VGG16) of the deep learning algorithm and the residual block with output feature map size of 256 from the Residual Network 18 (ResNet18). Based on the numerical results conducted on the well-known NSL-KDD dataset and UNSW-NB15 dataset, it illustrates that our method can achieve the accuracy rates of 86.31% and 82.56% in those two test datasets, respectively. Moreover, it can be found that the present algorithm can achieve a better accuracy and performance in the experiments of comparing our method with several existing algorithms proposed in the recent three years.