The data preprocessing in improving the classification quality of network intrusion detection systems




Feature Selection, Machine Learning, NIDS, Resampling, UNSW-NB15


Stream-based intrusion detection is a growing problem in computer network security environments. Many previous researches have applied machine learning as a method to detect attacks in network intrusion detection systems. However, these methods still have limitations of low accuracy and high false alarm rate. To improve the quality of classification, this paper proposes two solutions in the data preprocessing stage, that is, the solution of feature selection and resampling of the training dataset before they are used for training the classifiers. This is based on the fact that there is a lot of class imbalanced data in the training dataset used for network intrusion detection systems, as well as that there are many features in the dataset that are irrelevant to the classification goal, this reduces the quality of classification and increases the computation time. The data after preprocessing by the proposed algorithms is used to train the classifiers using different machine learning algorithms including: Decision Trees, Naive Bayes, Logistic Regression, Support Vector Machines, k Nearest Neighbor and Artificial Neural Network. The training and testing results on the UNSW-NB15 dataset show that: as with the Reconnaissance attack type, the proposed feature selection solution for F-Measure achieves 96.31%, an increase of 19.64%; the proposed oversampling solution for F-Measure achieves 6.99%, an increase of 3.17% and the proposed undersampling solution for F-Measure achieves 94.65%, an increase of 11.42%.


S.M. Othman, F.M. Ba-Alwi, T. Nabeel, and A.Y. Al-Hashida, “Intrusion detection model using machine learning algorithm on Big Data environment,” J Big Data, vol. 5, no. 34, 4, 2018. DOI:

A. Thakkar and R. Lohiya, “A survey on intrusion detection system: feature selection, model, performance measures, application perspective, challenges, and future research directions,” Artificial Intelligence Review, vol. 55, pp. 453–563, 2022. DOI:

Z. Liu, R. Wang, M. Tao, and X. Cai, “A class-oriented feature selection approach for multi-class imbalanced network traffic datasets based on local and global metrics fusion,” Neurocomputing, vol. 168, pp. 365–381, 2015. DOI:

H. Alsaadi, R. Almuttairi, O. Bayat, and A. Osman, “Computational intelligence algorithms to handle dimensionality reduction for enhancing intrusion detection system,” J. Inf. Sci. Eng., vol. 36, no. 2, pp. 293–308, 2020.

O. Almomani, “A feature selection model for network intrusion detection system based on PSO, GWO, FFA and GA algorithms,” Symmetry (Basel), vol. 12, no. 6, pp. 1–20, 2020. DOI:

M.S. Bonab, A. Ghaffari, F.S. Gharehchopogh, and P. Alemi, “A wrapper-based feature selection for improving performance of intrusion detection systems,” Int. J. Commun. Syst., vol. 33, no. 12, pp. 1–25, 2020. DOI:

Y. Zhu, J. Liang, J. Chen, and Z. Ming, “An improved NSGA-III algorithm for feature selection used in intrusion detection,” Knowledge-Based Systems, vol. 116, pp. 74–85, 2017. DOI:

J. Leevy, T. Khoshgoftaar, R. Bauder, and N. Seliya, “A survey on addressing high-class imbalance in big data,” Journal of Big Data, vol. 5, no. 1, 2018. DOI:

N. Junsomboon, “Combining Over-Sampling and Under- Sampling Techniques for Imbalance Dataset,” in Proceedings of the 9th International Conference on Machine Learning and Computing, 2017. DOI:

S. Bagui and K. Li, “Resampling imbalanced data for network intrusion detection datasets,” Journal of Big Data, vol. 8, no. 6, 2021. DOI:

H. Ahmed, A. Hameed, and N. Bawany, “Network intrusion detection using oversampling technique and machine learning algorithms,” PeerJ Computer Science, 8:e820 DOI 10.7717/peerj-cs.820, 2022. DOI:

F. Last, G. Douzas, and F. Bação, “Oversampling for Imbalanced Learning Based on K-Means and SMOTE,” CoRR abs/1711.00837, 2017.

Y. Pristyanto, A.F. Nugraha, A. Dahlan, L.A. Wirasakti, A.A. Zein, and I. Pratama, “Multiclass Imbalanced Handling using ADASYN Oversampling and Stacking Algorithm,” in 16th International Conference on Ubiquitous Information Management and Communication, doi: 10.1109/IMCOM53663.2022.9721632, 2022. DOI:

A. Pathak, “Analysis of Different SMOTE based Algorithms on Imbalanced Datasets,” International Research Journal of Engineering and Technology (IRJET), vol. 8, no. 8, pp. 4111–4114, 2021.

D. Guan, W. Yuan, Y.K. Lee, and S. Lee, “Nearest neighbor editing aided by unlabeled data,” Information Sciences, vol. 179, pp. 2273–2282, 2009. DOI:

G. Douzas and F. Bacao, “Effective data generation for imbalanced learning using conditional generative adversarial networks,” Expert Systems with Applications, vol. 91, pp. 464–471, 2018. DOI:

G. Douzas, F. Bacao, and F. Last, “Improving imbalanced learning through a heuristic oversampling method based on k-means and SMOTE,” Information Sciences, vol. 465, pp. 1–20, 2018. DOI:

A. Amin, S. Anwar, A. Adnan, M. Nawaz, N. Howard, J. Quadir, A. Havalah, and A. Hussain, “Comparing Oversampling Techniques to Handle the Class Imbalance

Problem: A Customer Churn Prediction Case Study,” IEEE Access, vol. 4, pp. 7940–7957, 2016. DOI:

N. Moustafa and J. Slay, “UNSW-NB15: A comprehensive dataset for network intrusion detection systems,” in Conference on Military Communications and Information Systems, 2015. DOI:

C. Sergio, D.S. Javier, L. Ibai, O. Ignacio, S. Javier, J.S. Javier, and I.T. Ana, “Chapter 5 - Big Data in Road Transport and Mobility Research,” in Intelligent Vehicles, Butterworth-Heinemann, pp. 175–205, 2018. DOI:

M. Torabi, N.I. Udzir, M.T. Abdullah, and R. Yaakob, “A Review on Feature Selection and Ensemble Techniques for Intrusion Detection System,” International Journal of Advanced Computer Science and Applications, vol. 15, no. 5, pp. 538–553, 2021. DOI:




How to Cite

Thanh HN. The data preprocessing in improving the classification quality of network intrusion detection systems. EAI Endorsed Trans Context Aware Syst App [Internet]. 2023 Sep. 6 [cited 2024 Apr. 25];9. Available from: