Cyber attacks have increased in tandem with the exponential expansion of computer networks and network applications throughout the world. Various machine learning and deep learning models in the literature have demonstrated excellent accuracy in predicting network attacks; nonetheless, simple and understandable models might be a big benefit in network monitoring systems. In this study, we evaluate four feature selection algorithms for finding the minimal set of features that predict network attacks, together with seven classical machine learning algorithms and a deep learning algorithm, on one million random instances of the CSE-CIC-IDS2018 big data set for network intrusions. The feature selection algorithms highlighted the importance of features related to forwarding direction (FWD) and two flow measures (FLOW) in predicting the binary traffic type: benign or attack. Furthermore, the results revealed that not all features are required to build efficient ML/DL models for detecting network attacks: four features unanimously selected by the feature selection algorithms were enough to build ML models comparable to those trained on all features. This might lead to models that are more suitable for deployment in terms of complexity, explainability, and scalability. Moreover, by selecting the four unanimous features instead of all traffic features, the training time may be decreased by 10% to 50%.
CITATION STYLE
Maabreh, M., Obeidat, I., Elsoud, E. A., Alnajjai, A., Alzyoud, R., & Darwish, O. (2022). Towards Data-Driven Network Intrusion Detection Systems: Features Dimensionality Reduction and Machine Learning. International Journal of Interactive Mobile Technologies, 16(14), 123–135. https://doi.org/10.3991/ijim.v16i14.30197