Network intrusion detection system based on recursive feature addition and bigram technique

In this paper, we are proposing a NIDS based on a feature selection method called Recursive Feature Addition (RFA) and bigram technique. The system has been designed, implemented and tested. We tested the model on the ISCX 2012 data set, which is one of the most well-known and recent data sets for intrusion detection purposes. Furthermore, we are proposing a bigram technique to encode payload string features into a useful representation that can be used in feature selection. In addition, we propose a new evaluation metric called (combined) that combines accuracy, detection rate and false alarm rate in a way that helps in comparing different systems and selecting the best among them. The designed feature selection-based system has shown a noticeable improvement on the performance using different metrics.