A Hybrid Binary and Multi-Class Classification Model for Network Intrusion Detection

Authors

  • Karrar Mohsin Alwan Department of Electromechanical Systems Technologies, Baqubah Technical College, Middle Technical University
  • Ahmed Saad Mohammed
  • A. S. Abohamama

DOI:

https://doi.org/10.24237/04.01.752

Keywords:

Intrusion Detection, Feature Selector, NSL-KDD dataset, Firefly Algorithm, Support Vector Machine, and K-Nearest Neighbor.

Abstract

Intrusion detection is a cornerstone in computer networks, maintaining privacy and ensuring availability and security. However, the larger the number of features involved in the intrusion detection process, the more complex it becomes. Therefore, reducing the number of features is necessary. Feature selection techniques can effectively enhance the classifiers' performance by eliminating redundant or irrelevant features. Two powerful models were introduced for anomaly-based intrusion detection based on a binary classifier and a multi-classifier, which both depend on a modified firefly algorithm (FFA) for feature selection. Support Vector Machine (SVM) and K-Nearest Neighbour classifiers have been used to evaluate both models over the NSL-KDD dataset. The first and second models have been used for attack classification to distinguish between normal and abnormal traffic, and between four types of attacks, including Denial of Service Attack (DoS), User to Root Attack (U2R), Remote to Local Attack (R2L), Probing Attack, and the normal case, respectively. The models were evaluated for classification accuracy and the number of features. The first model achieved 98% accuracy with 7 selected features, while the second achieved 97% accuracy with 11 selected features.

Downloads

Download data is not yet available.

References

[1] K. Scarfone and P. Mell, “NIST Special Publication 800-94: Guide to Intrusion Detection and Prevention Systems (IDPS). Recommendations of the National Institute of Standards and Technology,” Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD, United States, pp. 20899–28930, 2007.

[2] M. Ammar, G. Russello, and B. Crispo, “Internet of Things: A survey on the security of IoT frameworks,” Journal of Information Security and Applications, vol. 38, pp. 8–27, 2018.

[3] K. P. Hiba Fathima and P. P. Anugraha, “A Review on Network Intrusion Detection,” International Journal of Scientific Research and Technology, vol. 2, no. 12, p. 1, 2025.

[4] S. M. Kasongo and Y. Sun, “A deep gated recurrent unit-based model for wireless intrusion detection system,” ICT Express, vol. 7, no. 1, pp. 81–87, 2021.

[5] N. T. T. Van and T. N. Thinh, “Accelerating anomaly-based IDS using neural network on GPU,” in 2015 international conference on Advanced Computing and Applications (ACOMP), IEEE, 2015, pp. 67–74.

[6] T. Whare W-ananga, W. Hamilton, and M. A. Hall, “’ " mvers1ty of Waikato Correlation-based Feature Selection for Machine Learning,” 1999.

[7] P. Sharma, J. Sengupta, and P. K. Suri, “Intrusion Detection Using Data Mining in Cloud Computing Environment.” [Online]. Available: http://www.publishingindia.com/ijdcc

[8] F. Amiri, M. R. Yousefi, C. Lucas, A. Shakery, and N. Yazdani, “Mutual information-based feature selection for intrusion detection systems,” Journal of network and computer applications, vol. 34, no. 4, pp. 1184–1199, 2011.

[9] S.-J. Horng et al., “A novel intrusion detection system based on hierarchical clustering and support vector machines,” Expert Syst Appl, vol. 38, no. 1, pp. 306–313, 2011.

[10] C. Khammassi and S. Krichen, “A GA-LR wrapper approach for feature selection in network intrusion detection,” Comput Secur, vol. 70, pp. 255–277, 2017.

[11] O. Osanaiye, H. Cai, K.-K. R. Choo, A. Dehghantanha, Z. Xu, and M. Dlodlo, “Ensemble-based multi-filter feature selection method for DDoS detection in cloud computing,” EURASIP J Wirel Commun Netw, vol. 2016, pp. 1–10, 2016.

[12] B. Ingre and A. Yadav, “Performance analysis of NSL-KDD dataset using ANN,” in 2015 international conference on signal processing and communication engineering systems, IEEE, 2015, pp. 92–96.

[13] A. H. Sung and S. Mukkamala, “Identifying important features for intrusion detection using support vector machines and neural networks,” in 2003 Symposium on Applications and the Internet, 2003. Proceedings., IEEE, 2003, pp. 209–216.

[14] B. Selvakumar and K. Muneeswaran, “Firefly algorithm based feature selection for network intrusion detection,” Comput Secur, vol. 81, pp. 148–155, 2019.

[15] X.-S. Yang, “Firefly Algorithms for Multimodal Optimization,” Mar. 2010, [Online]. Available: http://arxiv.org/abs/1003.1466

[16] M. Naidu and D. Professor, “An Effective Approach to Network Intrusion Detection System using Genetic Algorithm.” [Online]. Available: http://www.tcpdump.com

[17] S. Peddabachigari, A. Abraham, C. Grosan, and J. Thomas, “Modeling intrusion detection system using hybrid intelligent systems,” Journal of network and computer applications, vol. 30, no. 1, pp. 114–132, 2007.

[18] S. A. Dudani, “The distance-weighted k-nearest-neighbor rule,” IEEE Trans Syst Man Cybern, no. 4, pp. 325–327, 1976.

[19] M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set,” in 2009 IEEE symposium on computational intelligence for security and defense applications, Ieee, 2009, pp. 1–6.

[20] W. A. H. M. Ghanem et al., “Cyber Intrusion Detection System Based on a Multiobjective Binary Bat Algorithm for Feature Selection and Enhanced Bat Algorithm for Parameter Optimization in Neural Networks,” IEEE Access, vol. 10, pp. 76318–76339, 2022, doi: 10.1109/ACCESS.2022.3192472.

[21] M. Bakro et al., “An Improved Design for a Cloud Intrusion Detection System Using Hybrid Features Selection Approach With ML Classifier,” IEEE Access, vol. 11, pp. 64228–64247, 2023, doi: 10.1109/ACCESS.2023.3289405.

[22] M. A. Faizin, D. T. Kurniasari, N. Elqolby, M. A. R. Putra, and T. Ahmad, “Optimizing Feature Selection Method in Intrusion Detection System Using Thresholding,” International Journal of Intelligent Engineering and Systems, vol. 17, no. 3, pp. 214–226, 2024, doi: 10.22266/ijies2024.0630.18.

[23] P. Choobdar, M. Naderan, and M. Naderan, “Detection and Multi-Class Classification of Intrusion in Software Defined Networks Using Stacked Auto-Encoders and CICIDS2017 Dataset,” Wirel Pers Commun, vol. 123, no. 1, pp. 437–471, Mar. 2022, doi: 10.1007/s11277-021-09139-y.

[24] Y. S. Almutairi, B. Alhazmi, and A. A. Munshi, “Network Intrusion Detection Using Machine Learning Techniques,” Advances in Science and Technology Research Journal, vol. 16, no. 3, pp. 193–206, 2022, doi: 10.12913/22998624/149934.

[25] T. Ferrão, F. Manene, and A. A. Ajibesin, “Multi-Attack Intrusion Detection System for Software-Defined Internet of Things Network,” Computers, Materials and Continua, vol. 75, no. 3, pp. 4985–5007, 2023, doi: 10.32604/cmc.2023.038276.

.

Downloads

Published

2026-01-30

Issue

Vol. 4 No. 1 (2026): Current Issue: Advances in Science

Section

paper

License

Copyright (c) 2026 CC BY 4.0

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Alwan, K., Saad, A., & Abohamama, A. . (2026). A Hybrid Binary and Multi-Class Classification Model for Network Intrusion Detection. ٍِASJ - Academic Science Journal, 4(1), 131-147. https://doi.org/10.24237/04.01.752

Similar Articles

41-49 of 49

You may also start an advanced similarity search for this article.