Analyzing Cyber Attacks and Optimizing Performance Metrics through Feature Selection in Intrusion Detection Systems
Keywords:
Intrusion Detection System (IDS), Cyber Attack Classification, XGBoost, Precision and Accuracy.
Abstract
As cyber threats continue to increase in scale and sophistication, Intrusion Detection Systems (IDS) are essential for protecting modern network infrastructures. This study compares two benchmark datasets—NSL-KDD and CICIDS 2018—to evaluate their effectiveness in modeling intrusion scenarios based on attack diversity, feature richness, and relevance to current threats. While NSL-KDD offers structured and balanced data for traditional attacks, CICIDS 2018 provides realistic traffic with modern threat profiles. A key contribution of this research is the proposal and integration of a new feature—Encrypted Traffic Behavior Analysis—to address the growing use of encrypted communication in cyberattacks. The study further identifies critical features for attack types like DoS, Probe, U2R, and R2L, using methods such as LASSO, PCA, and Mutual Information. A hybrid IDS model leveraging XGBoost is developed and benchmarked against classifiers including Logistic Regression, Naïve Bayes, Decision Tree, Random Forest, SVM, and KNN. Results show high detection accuracy, with XGBoost achieving near-perfect performance by effectively handling high-dimensional, encrypted, and imbalanced data. This demonstrates that combining targeted feature selection with ensemble learning significantly enhances IDS capabilities. Future work will focus on real-time implementation, deep learning integration, and privacy-preserving methods for scalable, intelligent intrusion detection in dynamic environments.
License
Copyright (c) 2025 Navroop Kaur, Meenakshi Bansal, Sukhwinder Singh Sran

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license requires the audience to give appropriate credit, provide a link to the license, and indicate if changes were made; if they remix, transform, or build upon the material, they must distribute their contributions under the same license as the original.