Effective Approaches for Intrusion Detection Systems in the Face of Low-Frequency Attacks

This paper presents a new approach to improve the detection of network security by combining feature selection with Long-Short-Term-Memory (LSTM) approaches. The SHapley Additive exPlanations (SHAP) values approach is utilized for feature selection, in conjunction with cross-validation, to identify the most effective set of features that improve model recall for each specific sort of assault. We employ the Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD) dataset to train and assess the efficacy of our model. The suggested model exhibits greater performance in comparison to standard LSTM models when utilizing all features. Furthermore, it surpasses current leading models with an accuracy of 99.74%, precision of 95.42%, recall of 94.92%, and F1-Score of 94.90%. In addition, the model demonstrates outstanding aptitude in precisely detecting Remote-to-Local (R2L) and User-to-Root (U2R) attacks, which are complex forms of intrusions that exploit vulnerabilities to gain unauthorized access to systems or networks. Although infrequent, these assaults provide a substantial risk because they have the ability to do substantial harm and compromise confidential data.