What is it about?
Intrusion detection systems (IDS) are critical for IT security, relying on a classification module to analyze network traffic and identify threats. The choice of monitored features significantly impacts performance, making it essential to identify a minimal feature set that effectively distinguishes malicious from benign traffic. This study explores feature selection using the CSE-CIC-IDS2018 on AWS dataset, focusing on five attack types. Six feature selection methods were applied, and feature rankings were averaged to determine relevance. Optimal feature subsets were tested with five classification algorithms, evaluated using four key metrics.
Why is it important?
The importance of this research lies in improving the efficiency and accuracy of intrusion detection systems (IDS). By identifying a minimal and optimal set of features for detecting network threats, the computational burden on IDS can be reduced, leading to faster and more cost-effective threat detection. Additionally, focusing on the most relevant features helps enhance detection accuracy, minimizing false positives and negatives. This is crucial for maintaining robust cybersecurity in increasingly complex and high-traffic network environments.
Read the Original
This page is a summary of: Identifying relevant features of CSE-CIC-IDS2018 dataset for the development of an intrusion detection system, Intelligent Data Analysis, November 2024, IOS Press,
DOI: 10.3233/ida-230264.
Resources
Feature Selection with Weighted Ensemble Ranking for Improved Classification Performance on the CSE-CIC-IDS2018 Dataset
Feature selection is a crucial step in machine learning, aiming to identify the most relevant features in high-dimensional data in order to reduce the computational complexity of model development and improve generalization performance. Ensemble feature-ranking methods combine the results of several feature-selection techniques to identify a subset of the most relevant features for a given task. In many cases, they produce a more comprehensive ranking of features than the individual methods used alone. This paper presents a novel approach to ensemble feature ranking, which uses a weighted average of the individual ranking scores calculated using these individual methods. The optimal weights are determined using a Taguchi-type design of experiments. The proposed methodology significantly improves classification performance on the CSE-CIC-IDS2018 dataset, particularly for attack types where traditional average-based feature-ranking score combinations result in low classification metrics.
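The averaged ranking described in the summary above and the weighted ensemble ranking described in this abstract can be sketched as follows. This is an added example, not code from either paper: the two scoring methods stand in for the papers' feature-selection methods (which this page does not name), the flow records and feature names are constructed, and the weights are arbitrary rather than derived from a Taguchi design.

```python
from statistics import mean

# Constructed flow records, NOT taken from CSE-CIC-IDS2018. Feature names are hypothetical.
FEATURES = ["pkts_per_s", "mean_pkt_len", "dst_port_parity"]
ATTACK = [[900, 60, 0], [850, 64, 1], [950, 58, 0], [50, 70, 1]]    # one low-rate attack flow
BENIGN = [[40, 400, 0], [55, 90, 1], [30, 1500, 0], [70, 75, 1]]    # one very large benign flow

def abs_pearson(pos, neg):
    """|correlation| between the feature and the 0/1 label (sensitive to outliers)."""
    xs, ys = pos + neg, [1] * len(pos) + [0] * len(neg)
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    den = (sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys)) ** 0.5
    return abs(cov / den) if den else 0.0

def auc_separation(pos, neg):
    """|2*AUC - 1|: rank-based, 1.0 when a single threshold splits the classes."""
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0 for p in pos for n in neg)
    return abs(2 * wins / (len(pos) * len(neg)) - 1)

# Stand-in scoring methods (assumption): the papers combine more methods than this.
METHODS = {"pearson": abs_pearson, "auc": auc_separation}

def minmax(scores):
    """Scale one method's scores to [0, 1] so methods are comparable."""
    lo, hi = min(scores), max(scores)
    return [(s - lo) / (hi - lo) if hi > lo else 0.0 for s in scores]

def ensemble_rank(weights=None):
    """Rank features by the (weighted) mean of min-max normalised method scores."""
    weights = weights or {m: 1.0 for m in METHODS}   # default: plain average
    cols = [([r[j] for r in ATTACK], [r[j] for r in BENIGN]) for j in range(len(FEATURES))]
    norm = {m: minmax([score(p, n) for p, n in cols]) for m, score in METHODS.items()}
    total = sum(weights[m] for m in METHODS)
    combined = [sum(weights[m] * norm[m][j] for m in METHODS) / total
                for j in range(len(FEATURES))]
    return sorted(zip(FEATURES, combined), key=lambda t: -t[1])

if __name__ == "__main__":
    print("equal weights :", ensemble_rank())
    print("auc-weighted  :", ensemble_rank({"pearson": 1.0, "auc": 3.0}))
```

With equal weights the outlier-sensitive score dominates and `pkts_per_s` ranks first; weighting the rank-based score more heavily moves `mean_pkt_len` to the top, which is the kind of ordering change a weight search is meant to exploit.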
Catboost Algorithm Based Classifier Module for Brute Force Attack Detection
Intrusion Detection Systems (IDS) play a critical role in safeguarding corporate IT systems by providing automated protection against various attacks and intrusions. They efficiently identify suspicious attack scenarios and promptly alert or intervene to prevent an attack. This paper focuses on the research conducted to develop a classification module for Behavior-based IDSs (BIDS). Typically, these modules are built using a sample dataset that comprises a significant amount of data describing both benign and malicious network traffic. In our case, the CSE-CIC-IDS2018 dataset on AWS served as the foundation for this purpose. The investigation aimed to develop an effective classifier module for a BIDS system using the CatBoost algorithm. To evaluate the performance of the trained classifier, we compared it to three other well-known classifiers trained on the same data, employing the same selected features. Additionally, we utilized four different performance measures, namely accuracy, precision, recall, and F1 score. The results demonstrated that, overall, the CatBoost classifier delivered performance on par with or better than the baseline methods. This finding supports the initial assumption that a CatBoost-based solution could be a viable choice when developing a BIDS.