With the enormous rise in the usage of computer networks, the necessity for safeguarding these networks is also increased. Network intrusion detection systems (NIDS) are designed to monitor and inspect the activities in a network. NIDS mainly depends on the features of the input network data as these features give information on the behaviour nature of the network traffic. The irrelevant and redundant network features negatively affect the efficacy and quality of NIDS, particularly its classification accuracy, detection time and processing complexity. In this paper, several feature selection techniques are applied to optimize the efficiency of NIDS. The categories of the applied feature selection techniques are the filter, wrapper and hybrid. Support vector machine (SVM) is employed as the detection model to classify the network connections behaviour into normal and abnormal traffic. NIDS is trained and tested on the benchmark NSL-KDD dataset. The performance of the applied feature selection techniques is compared with each other and the results are discussed. Evaluation results demonstrated the superiority of the wrapper techniques in providing the highest classification accuracy with the lowest detection time and false alarms of the NIDS.

Cloud computing provides and delivers a pool of on-demand and configurable resources and services that are delivered across the usage of the internet. Providing privacy and security to protect cloud assets and resources still a very challenging issue, since the distributed architecture of the cloud makes it vulnerable to the intruders. To mitigate this issue, intrusion detection systems (IDSs) play an important role in detecting the attacks in the cloud environment. In this paper, an anomaly-based network intrusion detection system (NIDS) is proposed which can monitor and analyze the network traffics flow that targets a cloud environment. The network administrator should be notified about the nature of these traffics to drop and block any intrusive network connections. Support vector machine (SVM) is employed as the classifier of the network connections. The binary-based Particle Swarm Optimization (BPSO) is adopted for selecting the most relevant network features, while the standard-based Particle Swarm Optimization (SPSO) is adopted for tuning the SVM control parameters. The benchmark NSL-KDD dataset is used as the network data source to build and evaluate the proposed system. Acceptable evaluation results state that the proposed system is characterized by detecting the intrusive network connections with high detection accuracy and low false alarm rates (FARs).