This repository contains the code used to generate the results presented in the paper:

Feature Selection for Network Intrusion Detection
Charles Westphal, et al. In Proceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining (SIGKDD 2025} Link to the paper

• Introduction
• Installation
• Usage
• Datasets
• Citation

In this repo, we publish the code used to create the results in Feature Selection for Network Intrusion Detection (FSNID). FSNID, is an information-theoretic filter method that sequentially eliminates features that fail to transfer entropy to the attack vector, as shown in the following schematic.

This in turn led to us achieving the following main results:

1. Clone the Repository:

   git clone https://github.com/c-s-westphal/FSNID.git cd FSNID 

2. Create Virtual Environment:

   python3 -m FSNID_venv venv source FSNID_venv/bin/activate 

3. Install Required Packages:

   pip install -r requirements.txt 

Run the feature selection and classification script using:

```bash python main.py --nme DATASET_NAME --selection_method METHOD --model_type MODEL 

• --nme: Name of the dataset to use (default: BOTIOT).
• --selection_method: Feature selection method to use. Choices are fsnid, brown, firefly, lasso, pi (default: fsnid).
• --model_type: Type of model to evaluate the features with. Only FSNID is designed to be used with all four, other methods should be left to default to MLP. Choices are MLP, LSTM, TCN, GRU (default: MLP).

Due to GitHub's file size limitations, the full datasets are not included in this repository. However, the first 5000 rows of the BOTIOT dataset are provided in the /data directory to demonstrate the required format.

For the complete datasets, please visit:

• BOT-IoT Dataset: Download Link
• TON-IoT Dataset: Download Link
• NSL-KDD Dataset: Download Link
• CIC-DDoS2019 Dataset: Download Link
• UNSW-NB15 Dataset: Download Link
• CIC-IDS2017 Dataset: Download Link

If you use this code in your research, please cite our paper:

@inproceedings{WHM25:feature, author = {Westphal, Charles and Hailes, Stephen and Musolesi, Mirco}, title = {{Feature Selection for Network Intrusion Detection}}, year = {2025}, booktitle = {Proceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining (SIGKDD 2025}, location = {Toronto, Canada} }