A Feature Selection Technique for Network Intrusion Detection based on the Chaotic Crow Search Algorithm

Network security is one of the main challenges faced by network administrators and owners, especially with the increasing numbers and types of attacks. This rapid increase results in a need to develop different protection techniques and methods. Network Intrusion Detection Systems (NIDS) are a method to detect and analyze network traffic to identify attacks and notify network administrators. Recently, machine learning (ML) techniques have been extensively applied in developing detection systems. Due to the high complexity of data exchanged over the networks, applying ML techniques will negatively impact system performance as many features need to be analyzed. To select the most relevant features subset from the input data, a feature selection technique is used, which results in enhancing the overall performance of the NIDS. In this paper, we propose a wrapper approach as a feature selection based on a Chaotic Crow Search Algorithm (CCSA) for anomaly network intrusion detection systems. Experiments were conducted on the LITNET-2020 dataset. To the best of our knowledge, our proposed method can be considered the first selection algorithm applied on this dataset based on swarm intelligence optimization to find a special subset of features for binary and multiclass classifications that optimizes the performance for all classes at the same time. The model was evaluated using several ML classifiers namely, K-nearest neighbors (KNN), Decision Tree (DT), Random Forest (RF), Support Vector Machine (SVM), Multi-layer perceptron (MLP), and Long Short-Term Memory (LSTM). The results proved that the proposed algorithm is more efficient in improving the performance of NIDS in terms of accuracy, detection rate, precision, F-score, specificity, and false alarm rate, outperforming state-of-the-art feature selection techniques recently proposed in the literature.