Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Efficient Intrusion Detection: Combining $χ^2$ Feature Selection with CNN-BiLSTM on the UNSW-NB15 Dataset

Mohammed Jouhari, Hafsa Benaddi, Khalil Ibrahimi

TL;DR

The paper tackles IoT intrusion detection under constrained resources by integrating a lightweight CNN-BiLSTM with Chi-square feature selection to shrink input features and reduce inference cost. It leverages the UNSW-NB15 dataset to demonstrate that the hybrid model achieves high binary and multiclass accuracy (up to 97.90% and 97.09%, respectively) with notably fast prediction times (1.1s binary, 2.10s multiclass) and lower feature-induced delays. A SelectKBest-based feature reduction to the top 20 features and a weighted loss for class imbalance are key design choices. The work shows strong potential for on-device IDS in IoT settings, offering a practical balance between accuracy and resource usage and paving the way for further optimization.

Abstract

Intrusion Detection Systems (IDSs) have played a significant role in the detection and prevention of cyber-attacks in traditional computing systems. It is not surprising that this technology is now being applied to secure Internet of Things (IoT) networks against cyber threats. However, the limited computational resources available on IoT devices pose a challenge for deploying conventional computing-based IDSs. IDSs designed for IoT environments must demonstrate high classification performance, and utilize low-complexity models. Developing intrusion detection models in the field of IoT has seen significant advancements. However, achieving a balance between high classification performance and reduced complexity remains a challenging endeavor. In this research, we present an effective IDS model that addresses this issue by combining a lightweight Convolutional Neural Network (CNN) with bidirectional Long Short-Term Memory (BiLSTM). Additionally, we employ feature selection techniques to minimize the number of features inputted into the model, thereby reducing its complexity. This approach renders the proposed model highly suitable for resource-constrained IoT devices, ensuring it meets their computation capability requirements. Creating a model that meets the demands of IoT devices and attains enhanced precision is a challenging task. However, our suggested model outperforms previous works in the literature by attaining a remarkable accuracy rate of 97.90% within a prediction time of 1.1 seconds for binary classification. Furthermore, it achieves an accuracy rate of 97.09% within a prediction time of 2.10 seconds for multiclassification.

Efficient Intrusion Detection: Combining $χ^2$ Feature Selection with CNN-BiLSTM on the UNSW-NB15 Dataset

TL;DR

The paper tackles IoT intrusion detection under constrained resources by integrating a lightweight CNN-BiLSTM with Chi-square feature selection to shrink input features and reduce inference cost. It leverages the UNSW-NB15 dataset to demonstrate that the hybrid model achieves high binary and multiclass accuracy (up to 97.90% and 97.09%, respectively) with notably fast prediction times (1.1s binary, 2.10s multiclass) and lower feature-induced delays. A SelectKBest-based feature reduction to the top 20 features and a weighted loss for class imbalance are key design choices. The work shows strong potential for on-device IDS in IoT settings, offering a practical balance between accuracy and resource usage and paving the way for further optimization.

Abstract

Intrusion Detection Systems (IDSs) have played a significant role in the detection and prevention of cyber-attacks in traditional computing systems. It is not surprising that this technology is now being applied to secure Internet of Things (IoT) networks against cyber threats. However, the limited computational resources available on IoT devices pose a challenge for deploying conventional computing-based IDSs. IDSs designed for IoT environments must demonstrate high classification performance, and utilize low-complexity models. Developing intrusion detection models in the field of IoT has seen significant advancements. However, achieving a balance between high classification performance and reduced complexity remains a challenging endeavor. In this research, we present an effective IDS model that addresses this issue by combining a lightweight Convolutional Neural Network (CNN) with bidirectional Long Short-Term Memory (BiLSTM). Additionally, we employ feature selection techniques to minimize the number of features inputted into the model, thereby reducing its complexity. This approach renders the proposed model highly suitable for resource-constrained IoT devices, ensuring it meets their computation capability requirements. Creating a model that meets the demands of IoT devices and attains enhanced precision is a challenging task. However, our suggested model outperforms previous works in the literature by attaining a remarkable accuracy rate of 97.90% within a prediction time of 1.1 seconds for binary classification. Furthermore, it achieves an accuracy rate of 97.09% within a prediction time of 2.10 seconds for multiclassification.
Paper Structure (9 sections, 1 equation, 3 figures, 4 tables)

This paper contains 9 sections, 1 equation, 3 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Related work
  3. Proposed method
  4. Description of the UNSW-NB15 dataset
  5. Lightweight CNN-BiLSTM
  6. $\chi^2$ features selection
  7. Measuring NIDS Performance: Key Metrics
  8. EXPERIMENTAL RESULTS AND ANALYSIS
  9. Conclusion

Figures (3)

  • Figure 1: Proposed Model Architecture
  • Figure 2: CNN-BiLSTM confusion matrix for binary classification of attacks.
  • Figure 3: CNN-BiLSTM confusion matrix for multiclassification of attacks.