A Novel Feature Selection Approach to Classify Intrusion Attacks in Network Communications

The fast development of communication technologies and computer systems brings several challenges from a security point of view. The increasing number of IoT devices as well as other computing devices make network communications more challenging. The number, sophistication, and severity of network-related attacks are growing rapidly. There are a variety of different attacks including remote-to-user (R2L), user-to-remote (U2R), denial of service (DoS), distributed DDoS, and probing. Firewalls, antivirus scanners, intrusion detection systems (IDSs), and intrusion prevention systems (IPSs) are widely used to prevent and stop cyber-related attacks. Especially, IDPSs are used to stop and prevent intrusions on communication networks. However, traditional IDSs are no longer effective in detecting complicated cyber attacks from normal network traffic. Because of this, new promising techniques, which specifically utilize data mining, machine learning, and deep learning, need to be proposed in order to distinguish intrusions from normal network traffic. To effectively recognize intrusions, the feature generation, feature selection, and learning processes must be performed delicately before the classification stage. In this study, a new feature selection method called FSAP (Feature Selection Approach) is proposed. In addition, a hybrid attack detection model called SABADT (Signature- and Anomaly-Based Attack Detection Technique) is suggested, which utilizes different classification metrics to recognize attacks. The proposed general method FSACM (Feature Selection and Attack Classification Method) is tested on KDD '99, UNSW-NB15, and CIC-IDS2017 datasets. According to the experiment results, the proposed method outperformed the state-of-the-art methods in the literature in terms of detection, accuracy, and false-alarm rates.