Abstract:
Network security plays a pivotal role in safeguarding sensitive data from
unauthorized access and malicious activities. This work addresses the challenge by
proposing a Selected Features Based Intrusion Detection System (SFBIDS) that applies
a firewall together with an Intrusion Detection System (IDS). In the system, the
firewall is a crucial part of network security. The system uses a software-based
open-source firewall, which minimizes complexity, time and, above all, cost, and is
often adaptable in its configuration. The filtering rules themselves can open a
security hole because of the complexity of their configuration and the order of the
rules. A large number of firewall filtering rules can cause many policy anomalies in
the target network. In the SFBIDS system, twenty-seven firewall rules are manually
created in the software-based firewall. An IDS typically operates using one of two
primary methods: signature-based detection and anomaly-based detection. The
system employs a signature-based detection method, an approach that focuses on
identifying known threats by comparing network traffic or files against a database of
known signatures. SFBIDS is evaluated by generating a dataset
comprising typical network traffic, as well as simulated Denial-of-Service (DoS)
attacks and PortScan attacks. Feature selection is a critical component of intrusion
detection systems, influencing their effectiveness in detecting malicious activities
while minimizing false alarms. This work presents a detailed analysis of two feature selection
methods: Correlation-Based Feature Subset (CBFS) and Gain Ratio Feature Selection
(GRFS), focusing on their efficacy in selecting the most relevant attributes for
intrusion detection. Effective feature selection is critical for enhancing the
performance of intrusion detection systems. The performance of SFBIDS is compared
with the widely used CICIDS 2017 dataset. The results demonstrate that by excluding
flag features, the performance of intrusion detection algorithms improves
significantly. The work determines the minimum boundary value in the
Correlation Attribute (CA) method by computing the average value from two datasets.
It also conducts a comparative analysis of attribute reduction in both the SFBIDS
dataset and the CICIDS 2017 dataset. The goal of the SFBIDS system is to enhance
performance by identifying and eliminating redundant attributes.