Entropy-Based Feature Selection for Network Intrusion Detection Systems

Sellappan Devaraju, Srinivasan Ramakrishnan, Sundaram Jawahar, Dheresh Soni, Alagappan Somasundaram
DOI: 10.4018/978-1-6684-3991-3.ch012

Abstract

A network intrusion detection system (NIDS) plays a significant role in protecting the data of an industry or organization. A NIDS must be reliable enough to handle heavy network traffic and detect emerging attacks. In this chapter, a novel entropy-based feature selection method is proposed to select the important features for an intrusion detection system. Feature selection reduces the computational time and improves detection rates. Within-class entropies and between-class entropies are computed for the various classes of intrusion in the KDD dataset. Based on the computed entropy values, features are ranked and selected. A radial basis neural network (RBNN) is employed as the classifier. The performance of the proposed entropy-based feature selection algorithm is evaluated using the 10% dataset for training and two other datasets for testing. The proposed system shows significant improvement in the detection rate, reduces the false positive rate (FPR), and also reduces the computational time.
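The ranking step described in the abstract, as an added example that is not the chapter's own code. The chapter's formulas are not on this page, so the example assumes the between-class term is the entropy of a feature over all records pooled, the within-class term is the class-weighted entropy inside each class, and features are ranked by the difference; the sample records are constructed.

```python
import math
from collections import Counter, defaultdict

def entropy(values):
    """Shannon entropy in bits of a list of discrete values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def rank_features(records, label="label"):
    """Return (feature, between, within, score) tuples, best score first."""
    by_class = defaultdict(list)
    for rec in records:
        by_class[rec[label]].append(rec)
    n = len(records)
    ranked = []
    for feat in (k for k in records[0] if k != label):
        # Assumed "between-class" term: entropy of the feature with all classes pooled.
        between = entropy([r[feat] for r in records])
        # Assumed "within-class" term: per-class entropy weighted by class share.
        within = sum(len(rows) / n * entropy([r[feat] for r in rows])
                     for rows in by_class.values())
        ranked.append((feat, between, within, between - within))
    return sorted(ranked, key=lambda t: t[3], reverse=True)

def select_top(records, k):
    """Names of the k highest-scoring features."""
    return [feat for feat, *_ in rank_features(records)[:k]]

# Constructed sample in the style of KDD connection records (not real data).
# Continuous fields such as src_bytes would need binning before use.
COLUMNS = ("protocol_type", "service", "flag", "land", "label")
ROWS = [
    ("tcp", "http", "SF", 0, "normal"), ("udp", "http", "SF", 0, "normal"),
    ("tcp", "smtp", "SF", 0, "normal"), ("udp", "http", "SF", 0, "normal"),
    ("tcp", "http", "S0", 0, "dos"), ("tcp", "http", "S0", 0, "dos"),
    ("tcp", "http", "S0", 0, "dos"), ("tcp", "http", "S0", 0, "dos"),
]
SAMPLE = [dict(zip(COLUMNS, row)) for row in ROWS]

if __name__ == "__main__":
    for feat, between, within, score in rank_features(SAMPLE):
        print(f"{feat:14s} between={between:.3f} within={within:.3f} score={score:.3f}")
    print("selected:", select_top(SAMPLE, 2))
```

Under these assumptions the score equals the information gain of the feature with respect to the class label, so a constant field such as `land` in the sample scores zero and is dropped first.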
Chapter Preview

Introduction

A network intrusion detection system (NIDS) is a dependable and secure system that monitors for network vulnerabilities. A vulnerability is a flaw in information assurance that can be taken advantage of. It is critical for enterprises to reduce their vulnerabilities on a daily basis. The internet is widely used for a variety of purposes, including commerce, education, games, entertainment, and other related activities. As a result, any organization's NIDS is critical in protecting its data from misbehaviour. Although every firm uses firewalls and other security measures to protect data, many intruders remain undetected, so information must be better protected. Signature-based and anomaly-based IDS are the two most common types of NIDS. (i) A signature-based NIDS detects an intrusion by comparing it to previously detected intrusions, whose signatures are kept in log files. (ii) An anomaly-based NIDS monitors system activity and categorises it as either attack or normal (Gupta, 2010). IDS are also divided into network-based and host-based IDS. (i) A network-based IDS identifies misbehaviour where systems communicate with each other over the network. (ii) A host-based IDS monitors and analyses a single computer system for misbehaviour (Devaraju, 2013; Nie, 2009).

A signature-based, or misuse-based, intrusion detection system detects an intrusion by evaluating previous signatures in log files (Ashara, 2012; Devaraju, 2019; Mansour, 2010; Suseela, 2005). Signature-based detection relies on the knowledge gathered from previous attacks. Attack signatures, which are sets of rules that uniquely identify attacks, represent this knowledge. Because they have superior accuracy and lower false positive rates, knowledge-based techniques are relatively straightforward for the administrator to maintain. When an intrusion is detected and matched against the signatures in the log files, it is reported as a known attack. The log file contains a list of known attacks that have been detected on a computer system or network. Furthermore, signature-based detection lacks the ability to detect all types of attacks, particularly new attacks and those involving privilege misuse (Devaraju, 2019; Gang, 2010; Nor, 2008).

Anomaly-based intrusion detection targets unknown attacks, which are detected on the network and distinguished from conventional attacks. Anomaly-based techniques can detect attempts to exploit novel and unexpected attacks, which gives them an advantage over signature-based techniques. However, anomaly-based techniques have their own set of drawbacks, including a high false positive rate due to a lack of training data and anomalous behaviour. Signature-based techniques are ideally suited for intrusion detection for these reasons (Devaraju, 2019; Shih-Wei, 2012; Mei, 2011).
