Anomaly-Based Network Intrusion Detection System through Feature Selection and Hybrid Machine Learning Technique

In this paper, we propose an anomaly-based network intrusion detection system based on a combination of feature selection, K-Means clustering and XGBoost classification model. We test the performance of our proposed system over NSL-KDD dataset using KDDTest(+) dataset. A feature selection method based on attribute ratio (AR) [14] is applied to construct a reduced feature subset of NSL-KDD dataset. After applying K-Means clustering, hyperparameter tuning of each classification model corresponding to each cluster is implemented. Using only 2 clusters, our proposed model obtains accuracy equal to 84.41% with detection rate equal to 86.36% and false alarm rate equal to 18.20% for KDDTest(+) dataset. The performance of our proposed model outperforms those obtained using the recurrent neural network (RNN)-based deep neural network and other tree-based classifiers. In addition, due to feature selection, our proposed model employs only 75 out of 122 features (61.47%) to achieve this level of performance comparable to those using full number of features to train the model.