SRFE: A stepwise recursive feature elimination approach for network intrusion detection systems

• Published in: Peer-to-peer networking and applications Vol. 17; no. 6; pp. 3634 - 3649
• Main Authors: Qasem, Abdelaziz Alshaikh, Qutqut, Mahmoud H., Alhaj, Fatima, Kitana, Asem
• Format: Journal Article
• Language: English
• Published: New York Springer US 01.11.2024; Springer Nature B.V
• Subjects: Algorithms; Classification; Communications Engineering; Computer Communication Networks; Cybersecurity; Engineering; Information Systems and Communication Service; Intrusion; Intrusion detection systems; Machine learning; Networks; Prediction models; Signal,Image and Speech Processing; Special Issue on 2 - Track on Security and Privacy; Support vector machines; Machine learning (ML); Information gain (IG); Network intrusion detection system (NIDS); Recursive feature elimination (RFE); Intrusion detection
• ISSN: 1936-6442; 1936-6450
• DOI: 10.1007/s12083-024-01763-2

Network intrusion detection systems (NIDSs) have evolved into a significant subject in cybersecurity research, mainly due to the growth of cyberattacks and intelligence, which also led to the usage of machine learning (ML) to advance and enhance NIDSs. A NIDS is the first line of defense in any environment, and it detects external and internal attacks. Recently, intrusion mechanisms have become more sophisticated and challenging to detect. Researchers have applied techniques such as ML to detect intruders and secure networks. This paper proposes a novel approach called SRFE (Stepwise Recursive Feature Elimination) to improve the performance and efficiency of predictive models for NIDSs. Our approach depends primarily on recursive feature elimination, which operates on a simple yet effective principle. We experimented with four classification algorithms, namely Support Vector Machine (SVM), Naive Bayes (NB), J48, and Random Forest (RF), on the most widely used dataset in the cybersecurity domain (NSL-KDD). The approach is mainly built on the features’ significance ranking using the Information Gain (IG) method. We conduct multiple experiments according to three scenarios. Each scenario contains various rounds, and in each round, we train the classifiers to eliminate the three lowest-ranked features stepwise. Our experiments show that the RF and J48 classifiers outperform other binary classifiers with an accuracy of 99.80% and 99.66%, respectively. Furthermore, both classifiers obtained the best results in the multiclass classification task; J48 achieved an accuracy of 99.53% in round number seven, and the RF achieved 99.69% in the fifth round.