Towards Improved Random Forest based Feature Selection for Intrusion Detection in Smart IOT Environment

The Internet of Things (IoT) has emerged as one of the most adaptive technologies for end users in the past few years. Despite its popularity, security in IoT has turned out to be a crucial research challenge and a sensitive topic that is discussed very often. A Denial of Service (DoS) attack is carried out in IoT sensor networks by perpetrators who use numerous compromised nodes to flood a targeted IoT device, resulting in vulnerability or service unavailability. Features collected from the malicious node can be used effectively to recognize recurring patterns or attack signatures of network-based or host-based attacks. Hence, feature extraction using machine learning approaches for modelling an Intrusion Detection System (IDS) has been employed for identification of threats in IoT devices. In this investigation, a Kaggle dataset is initially considered as the benchmark dataset for detecting intrusions. This dataset includes 41 essential attributes for intrusion identification. Next, selection of features for classifiers is done with an improved Weighted Random Forest Information extraction (IW-RFI). The proposed WRFI approach evaluates the mutual information among the feature attributes and selects the optimal features for further computation. This work concentrates primarily on feature selection, as effective feature selection leads to effective classification. Finally, performance metrics such as accuracy, sensitivity, and specificity are computed to assess the enhanced feature selection. The proposed model is simulated in the MATLAB environment and outperforms the existing approaches. The model shows a better trade-off than prevailing approaches in terms of accurate detection of threats in IoT devices and offers better transmission over those networks.

2021
Author(s):
Navroop Kaur
Meenakshi Bansal
Sukhwinder Singh S

In modern times, firewall and antivirus packages are not good enough to protect an organization from numerous cyber attacks. A computer IDS (Intrusion Detection System) is a crucial aspect that contributes to the success of an organization. An IDS is a software application responsible for scanning an organization's networks for suspicious activities and policy violations. The IDS ensures the secure and reliable functioning of the network within an organization. IDS has undergone huge transformations since its origin to cope with advancing computer crimes. The primary motive of IDS has been to augment the competence of detecting attacks without endangering the performance of the network. The research paper elaborates on the different types of IDS and the different functions they perform. The NSL KDD dataset has been considered for training and testing. The seven prominent classifiers LR (Logistic Regression), NB (Naïve Bayes), DT (Decision Tree), AB (AdaBoost), RF (Random Forest), kNN (k Nearest Neighbor), and SVM (Support Vector Machine) have been studied along with their pros and cons, and feature selection has been applied to enhance the performance evaluation parameters (Accuracy, Precision, Recall, and F1Score). The paper presents a detailed flowchart and algorithm depicting the procedure to perform feature selection using XGB (Extreme Gradient Booster) for four categories of attacks: DoS (Denial of Service), Probe, R2L (Remote to Local Attack), and U2R (User to Root Attack). The selected features have been ranked as per their occurrence. The implementation has been conducted at five different ratios of 60-40%, 70-30%, 90-10%, 50-50%, and 80-20%. Different classifiers scored best for different performance evaluation parameters at different ratios. NB scored the best Accuracy and Recall values. DT and RF consistently performed with high accuracy. NB, SVM, and kNN achieved good F1Score.


2019
Vol 16 (8)
pp. 3603-3607
Author(s):
Shraddha Khonde
V. Ulagamuthalvi

In the current network scenario, hackers and intruders have become a big threat. As new technologies emerge quickly and these technologies and computers are used extensively, security plays an important role. Most computers in a network can be easily compromised by attacks. A major concern is the increase in new types of attacks these days. Security of sensitive data is a very big threat to deal with; it needs to be treated as a high-priority issue that should be addressed immediately. Highly efficient Intrusion Detection Systems (IDS) are available nowadays that detect various types of attacks on a network. But we require an IDS that is intelligent enough to detect and analyze all types of new threats on the network. Maximum accuracy is expected of any such intelligent intrusion detection system. An Intrusion Detection System can be hardware or software that analyzes and monitors all network activity to detect malicious activities happening inside the network. It also informs and helps the administrator to deal with malicious packets, which, if they enter the network, can harm many of the computers connected together. In our work we have implemented an intellectual IDS which helps the administrator to analyze real-time network traffic. The IDS does this by classifying packets entering the system as normal or malicious. This paper mainly focuses on techniques used for feature selection to reduce the number of features from the KDD-99 dataset. This paper also explains the algorithm used for classification, i.e., Random Forest, which works with a forest of trees to classify a real-time packet as normal or malicious. Random forest makes use of ensembling techniques to give a final output, which is derived by combining the output from the trees used to create the forest. The dataset used while performing experiments is KDD-99. This dataset is used to train all trees to get more accuracy with the help of random forest. From the results achieved we can observe that the random forest algorithm gives more accuracy in a distributed network with a reduced false alarm rate.


2022
Vol 11 (1)
pp. 6
Author(s):
Dheeraj Basavaraj
Shahab Tayeb

With the emergence of networked devices, from the Internet of Things (IoT) nodes and cellular phones to vehicles connected to the Internet, there has been an ever-growing expansion of attack surfaces in the Internet of Vehicles (IoV). In the past decade, there has been rapid growth in the automotive industry as network-enabled and electronic devices are now integral parts of vehicular ecosystems. These include the development of automobile technologies, namely, Connected and Autonomous Vehicles (CAV) and electric vehicles. Attacks on IoV may lead to malfunctioning of the Electronic Control Unit (ECU), brakes, control steering issues, and door lock issues that can be fatal in CAV. To mitigate these risks, there is a need for a lightweight model to identify attacks on vehicular systems. In this article, an efficient model of an Intrusion Detection System (IDS) is developed to detect anomalies in the vehicular system. The dataset used in this study is an In-Vehicle Network (IVN) communication protocol, i.e., Control Area Network (CAN) dataset generated in a real-time environment. The model classifies different types of attacks on vehicles into reconnaissance, Denial of Service (DoS), and fuzzing attacks. The performance metrics of accuracy, precision, recall, and F-1 score are compared experimentally across a variety of classification models. The results demonstrate that the proposed model outperforms other classification models.


Author(s):
Ravi Kiran Varma P
S Kumar Reddy Mallidi
Rohit Rishi Muni

Aim: To design and evaluate the performance of a Grey Wolf Optimization (GWO) based wrapper feature selection applied to the Botnet malware detection system. Background: A botnet is malicious software that is controlled by a master and used to compromise a distributed set of systems, in turn targeting a victim. Powerful attacks like Distributed Denial of Service (DDoS) can be triggered using a botnet. With the rapid growth of the Internet of Things (IoT) and its omnipresence, vulnerable IoT devices are also under threat of becoming a victim or a zombie. Objective: To optimize the listed botnet data traffic features, Grey Wolf Optimization (GWO), in a wrapper model, is used to search for the useful features without affecting the classification accuracy. Method: The Botnet dataset consists of a total of 192 command and control (C&C) botnet channels HTTP traffic features, and network traffic session-based features. The GWO optimization algorithm is used as a wrapper for feature selection, and evaluated on three different classifiers, viz., SVM, KNN, and DT. Results: Decision Tree (DT) and GWO wrapper produced the best results when compared with other classifiers. The output of the research reduces the botnet traffic features to 19 from 192, with an accuracy of 99.73% post the reduction. Conclusion: The proposed DT-GWO wrapper turns out to be an excellent choice for feature reduction for botnet attack detection. The strength of the DT-GWO wrapper is that it is able to retain the near full-feature accuracy even after a massive reduction of 90.10% of the features.


2020
Vol 16 (4)
pp. 72-86
Author(s):
Preethi D.
Neelu Khare

In this article, EFS-LSTM, a deep recurrent learning model, is proposed for network intrusion detection systems. The EFS-LSTM model uses ensemble-based feature selection (EFS) and LSTM (Long Short Term Memory) for the classification of network intrusions. The EFS combines five feature selection mechanisms, namely, information gain, gain ratio, chi-square, correlation-based feature selection, and symmetric uncertainty-based feature selection. The experiments were conducted using the benchmark NSL-KDD dataset and implemented using TensorFlow and Python. The EFS-LSTM classifier is evaluated using the classification performance metrics and is also compared with LSTM classification using all 41 features without any feature selection, as well as with each individual feature selection technique. The performance study showed that the EFS-LSTM model performs better, with 99.8% accuracy, a higher detection rate, and a lower false alarm rate.


Author(s):
Er. Hemavati
Aparna R

As we know, the Internet of Things (IoT) is one of the fastest growing paradigms, composed of the Internet and different physical devices across different domains or smart applications such as home automation, business automation applications, and health and environmental monitoring applications. The dependency on IoT devices in our daily activities is increasing day by day, which makes security the most important challenge. Hence a better monitoring system is needed for better security. For more than two decades, the concept or framework called IDS (Intrusion Detection System) has played an important role in detecting attacks in the network. Since network attacks are not fixed in nature, new types of attacks are happening on network applications. There are many traditional IDS techniques available, but they are complex to apply. Machine learning is one of the important areas that is achieving good results in many applications. In this paper we study the different machine learning techniques used until now, the methodology for attack detection, and the validation strategy. We will also discuss the performance metrics.


Cybersecurity
2022
Vol 5 (1)
Author(s):
Raisa Abedin Disha
Sajjad Waheed

To protect the network, resources, and sensitive data, the intrusion detection system (IDS) has become a fundamental component of organizations that prevents cybercriminal activities. Several approaches have been introduced and implemented to thwart malicious activities so far. Due to the effectiveness of machine learning (ML) methods, the proposed approach applied several ML models for the intrusion detection system. In order to evaluate the performance of the models, the UNSW-NB 15 and Network TON_IoT datasets were used for offline analysis. Both datasets are comparatively newer than the NSL-KDD dataset and represent modern-day attacks. However, the performance analysis was carried out by training and testing the Decision Tree (DT), Gradient Boosting Tree (GBT), Multilayer Perceptron (MLP), AdaBoost, Long-Short Term Memory (LSTM), and Gated Recurrent Unit (GRU) for the binary classification task. As the performance of an IDS deteriorates with a high-dimensional feature vector, an optimum set of features was selected through a Gini Impurity-based Weighted Random Forest (GIWRF) model as the embedded feature selection technique. This technique employed Gini impurity as the splitting criterion of trees and adjusted the weights for the two different classes of the imbalanced data to make the learning algorithm understand the class distribution. Based upon the importance score, 20 features were selected from UNSW-NB 15 and 10 features from the Network TON_IoT dataset. The experimental result revealed that DT performed better with the feature selection technique than the other trained models of this experiment. Moreover, the proposed GIWRF-DT outperformed other existing methods surveyed in the literature in terms of the F1 score.


2021
Author(s):
Sarika Choudhary
Nishtha Kesswani
Sudhan Majhi

The advancements of technology are playing a significant role in protecting data from intruders. In this paper, a robust network intrusion detection system (IDS) is proposed for the Internet of Things (IoT) using deep learning approaches. The types of intrusions we adopted in this work are distributed denial of service (DDoS) and replay attacks. Our proposed work is divided into three sections, namely, node deployment, threat detection modelling, and prevention modelling. For detection, an ensemble algorithm has been used, i.e., deep neural network (DNN) and support vector machine (SVM). SVM is used to identify the suspected route and DNN is used to identify the suspected node out of the suspected routes. The chosen route ensures that it is prevented from attackers by incorporating the throughput and packet delivery ratio (PDR). The simulation results are obtained on the basis of accuracy, recall, precision, and F-measure to determine the effectiveness of the proposed approach. The precision, recall, F-measure, and accuracy of correctly identified intruders are 98.12%, 98.04%, 94.88%, and 98.68%, respectively, which is an improvement over the previous studies. The efficacy of the designed model for IoT is compared with the existing approaches.


Author(s):
B Narendra Kumar
M S V Sivarama Bhadri Raju
B Vishnu Vardhan

Intrusion detection is an important aspect of securing computing systems against different intrusions. To improve the accuracy and to reduce the computational time, this paper proposes a two-phase hybrid method based on the SVM and RNN. In addition, this paper also proposes obtaining a few sets of features with a feature selection technique with which the detection performance increases. For the two-phase system, two different feature selection techniques are proposed, which solve both the linear dependency and the non-linear dependency between the features. In the first phase, the RNN is combined with the proposed Joint Mutual Information Maximization (JMIM) based feature selection, and in the second phase, the Support Vector Machine (SVM) is combined with correlation-based feature selection. Extensive simulations are carried out over the proposed system using two different datasets, NSL-KDD and Kyoto2006+. The performance is measured through performance metrics such as Detection Rate (DR), Precision, False Alarm Rate (FAR), Accuracy and F-Score. Furthermore, a comparative analysis with a few recent hybrid frameworks is also given. The obtained results signify the effectiveness of the proposed method.

