AI-Driven Features for Intrusion Detection and Prevention Using Random Forest

Mohammed B. Al-Doori1,*, Khattab M. Ali Alheeti1

1Department of Computer Networking Systems, College of Computer Sciences and Information Technology, University of Anbar, Al Anbar, Ramadi, Iraq

Emails: mohamed.basem.aldouri@gmail.com; co.khattab.alheeti@uoanbar.edu.iq

Abstract

In this research, we investigate sophisticated methods for Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), leveraging AI-based feature optimization and diverse machine learning strategies to bolster network intrusion detection and prevention. The study primarily utilizes the NSL-KDD dataset, an enhanced version of the KDD Cup 1999 dataset, chosen for its realistic portrayal of various attack types and for addressing the shortcomings of the original dataset. The methodology includes AI-based feature optimization using Particle Swarm Optimization and Genetic Algorithm, focusing on maximizing information gain and entropy. This is integrated with the use of Random Forest (RF) to reduce class overlapping, further enhanced by boosting techniques. Grey Wolves Optimization (GWO) is also applied alongside Random Forest; this innovative approach, inspired by grey wolf hunting strategies, is employed for classification tasks on the NSL-KDD dataset. The performance metrics for each intrusion class are meticulously evaluated, revealing that the GWO-RF combination achieves an accuracy of 0.94, precision of 0.95, recall of 0.93, and an F1 score of 0.94.

Keywords: Intrusion Detection System; Intrusion Prevention System; Cloud Computing; Anomaly Detection; Deep learning; Software Defined Network
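
The abstract names information gain as the quantity the feature optimization maximizes. The sketch below is an added example, not the authors' code: it scores three NSL-KDD categorical columns by information gain over a handful of constructed records, the kind of per-feature score a PSO or GA selector could use as its fitness signal (that use, the function names and the sample rows are assumptions made here).

```python
import math
from collections import Counter, defaultdict

# Constructed sample rows using NSL-KDD column names; not real dataset records.
RECORDS = [
    {"protocol_type": "tcp", "service": "http",     "flag": "SF",  "label": "normal"},
    {"protocol_type": "tcp", "service": "http",     "flag": "SF",  "label": "normal"},
    {"protocol_type": "udp", "service": "domain_u", "flag": "SF",  "label": "normal"},
    {"protocol_type": "udp", "service": "domain_u", "flag": "SF",  "label": "normal"},
    {"protocol_type": "tcp", "service": "private",  "flag": "S0",  "label": "neptune"},
    {"protocol_type": "tcp", "service": "private",  "flag": "S0",  "label": "neptune"},
    {"protocol_type": "tcp", "service": "http",     "flag": "S0",  "label": "neptune"},
    {"protocol_type": "tcp", "service": "http",     "flag": "REJ", "label": "neptune"},
]


def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    total = len(labels)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(labels).values())


def information_gain(records, feature, target="label"):
    """Entropy of the class label minus its expected entropy after
    partitioning the records on one categorical feature."""
    base = entropy([r[target] for r in records])
    groups = defaultdict(list)
    for r in records:
        groups[r[feature]].append(r[target])
    remainder = sum(len(g) / len(records) * entropy(g)
                    for g in groups.values())
    return base - remainder


def rank_features(records, features, target="label"):
    """Return (feature, gain) pairs, highest information gain first."""
    scored = [(f, information_gain(records, f, target)) for f in features]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


if __name__ == "__main__":
    for name, gain in rank_features(RECORDS, ["protocol_type", "service", "flag"]):
        print(f"{name:14s} {gain:.4f}")
```

On these constructed rows the connection-state `flag` separates the two classes completely, while `protocol_type` carries little signal, which is the kind of contrast a feature selector exploits before training the Random Forest.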