Recently, Machine Learning (ML) techniques have been applied in various Intrusion Detection Systems (IDSs) to automatically detect and categorize known and unknown attacks. Various issues arise owing to rapid changes in attack behavior across large volumes of data. Existing IDSs developed using ML algorithms often struggle to detect unknown attacks and fail to achieve the required detection accuracy for known attacks owing to a lack of learning and pattern identification. For this reason, Deep Learning (DL) techniques are incorporated into IDSs to learn the dataset in depth, identify the most important features, and achieve reasonable performance in terms of detection accuracy. However, these types of systems require a significant amount of time to predict attacks. This study proposes an improved IDS framework that applies feature engineering along with a hybrid Fuzzy Support Vector Machine (FSVM)-based Convolutional Neural Network (CNN) classifier to increase the detection rate and efficiency. Fuzzy logic enables the FSVM to deal with uncertain data: it assigns adaptive membership levels to inputs, which produces better results than traditional SVMs while reducing the impact of ambiguous or noisy data samples. The refined data from the FSVM are processed by a CNN that identifies temporal attack patterns to enhance feature extraction accuracy and classification. Integrating the FSVM with the CNN makes more precise attack detection possible because imbalanced datasets are handled more effectively, with greater generalization to new attack patterns. Using fuzzy logic and temporal constraints, the proposed IDS categorizes network traffic into the modern attack families present in CICIDS2017 (DoS/DDoS, Brute Force, Infiltration, Web Attacks, Botnet, and Normal) and UNSW-NB15 (Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode, Worms, and Normal).
We evaluated our approach using an extensive set of experiments on the CICIDS2017 and UNSW-NB15 benchmark datasets, and it showed better results in terms of detection accuracy and computational efficiency than existing ML and DL-based IDS models.
Suma et al. (Sat,) studied this question.
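The abstract does not state which membership function the FSVM uses, so the following added example (not code from the paper) assumes the common class-centroid distance form, s_i = 1 - d_i / (r + delta), to show how a membership level shrinks the influence of a noisy or mislabelled flow. The function names, the `delta` and `C` values, and the two-feature flow records are constructed for illustration.

```python
import math

def fuzzy_memberships(samples, labels, delta=0.05):
    """Membership per sample: 1 - (distance to own class centroid) / (class radius + delta).

    Assumed centroid-distance scheme; samples far from their class centre
    (likely noise or label errors) receive a membership close to 0.
    """
    by_class = {}
    for x, y in zip(samples, labels):
        by_class.setdefault(y, []).append(x)
    centroid = {y: [sum(col) / len(xs) for col in zip(*xs)]
                for y, xs in by_class.items()}
    radius = {y: max(math.dist(x, centroid[y]) for x in xs)
              for y, xs in by_class.items()}
    return [1.0 - math.dist(x, centroid[y]) / (radius[y] + delta)
            for x, y in zip(samples, labels)]

def slack_penalties(memberships, C=10.0):
    """Per-sample misclassification cost C * s_i used by a fuzzy SVM.

    A standard SVM charges the same C for every sample; here a
    low-membership sample can be misclassified almost for free, so it
    barely moves the decision boundary.
    """
    return [C * s for s in memberships]

# Constructed sample: two scaled flow features per record.
# The last "normal" record sits inside the attack cluster (label noise).
FLOWS = [(0.10, 0.20), (0.12, 0.18), (0.09, 0.22), (0.11, 0.21), (0.90, 0.85),
         (0.88, 0.90), (0.92, 0.86), (0.85, 0.88), (0.90, 0.91)]
LABELS = ["normal"] * 5 + ["attack"] * 4

def demo():
    s = fuzzy_memberships(FLOWS, LABELS)
    return s, slack_penalties(s)

if __name__ == "__main__":
    memberships, penalties = demo()
    for flow, label, s, c in zip(FLOWS, LABELS, memberships, penalties):
        print(f"{label:6s} {flow}  membership={s:.3f}  penalty={c:.2f}")
```

With a scheme of this kind, `delta` sets how harshly the outermost sample of each class is discounted, so it needs tuning per dataset.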