Article Preview
TopIntroduction
The challenge in network security is to implement efficient IDS and the solutions existing today focuses on signature-based and anomaly-based techniques. These techniques suffer from high false error rates and computing costs. In recent years, the research in the field of network IDS focuses on the shallow machine learning mechanisms say, KNN (Li et al., 2017), SVM (Ahmad et al., 2018), Naive Bayes, Random Forest (Farnaaz & Jabbar, 2016; Ahmad et al., 2018), Decision trees, ANN (Manzoor & Kumar, 2017). The application of shallow learning algorithms has offered improved detection accuracy. On the other hand, these methods are prone to some limitations. These methods need domain expert knowledge to identify useful patterns from the data; the computing cost is expensive, and it is likely prone to errors.
To address these limitations in our proposed work, we have applied the new research area deep learning (LeCun et al., 2015), which is receiving attention in many domains. Deep Learning is the subcategory of machine learning algorithms that operates better than shallow learning algorithms. Deep learning focuses on the faster detection of network anomalies as well as more in-depth network data analysis.
Current researches have revealed that the combination of feature selection mechanisms would enhance the results of the classifiers through the identification of weak features that acts strong in groups, eliminating the duplicate features, and identifying features with a higher correlation rate (Osanaiye et al., 2016). Other research works have suggested a hybrid feature selection strategy that incorporates filter and wrapper methods. In a filter-based technique, the choice of features is one of the contemporary strategies that incorporate space search and ranking techniques. Hence, we develop an Ensemble-based Feature Selection (EFS) technique that merges from the result of Information Gain, Gain Ratio, Chi-Square, Correlation-based Feature Selection and Symmetric Uncertainty based Feature Selection to choose the essential features. The primary objective of this suggested model is to significantly decrease the number of features and classify intrusions using the classifier Long Short Term Memory (Hochreiter & Schmidhuber, 1997). NSL-KDD (Tavallaee et al., 2009) is used to assess the efficiency of our suggested EFS-LSTM technique using the Waikato knowledge assessment environment and python.
The main contributions of this work consist of the following:
- •
We design an efficient EFS-LSTM based classifier model for classification of network intrusions;
- •
The benchmark NSL–KDD dataset used for the experimentation and testing of the proposed model;
- •
We compare the performance of the proposed EFS–LSTM with existing feature selection techniques.
The rest of the paper is discussed in the following sections. Section 2 examines the related works. Section 3 discusses the suggested strategy for network intrusion detection based on EFS–LSTM. Section 4 presents the experimental result and comparison with the existing feature selection methods.