Abstract
The high number of features in network traffic data might overload intrusion detection systems (IDSs) and resulted in overfitting. Furthermore, duplicated, and unnecessary features may restrict an IDS's ability to learn and infer. Generally, feature selection methods can alleviate this issue. It is a data pre-processing step that can be applied before the classification phase and aims to improve classifier performance and interpretability by selecting only a few highly informative features. The present study aims at assessing the effects of four filters (Consistency-based subset selection, Pearson correlation, Double Input Symmetric Relevance and Chi2); and four wrappers (Boruta, BorutaShap, Recursive Feature Elimination, and Genetic Algorithm) on the classification effectiveness of four models: Random Forest, Multilayer Perceptron, eXtreme Gradient Boosting and Support Vector Machines using CICIDS2018 dataset. The findings suggested that combining ensemble models with RFE and CON techniques can effectively reduce the number of attributes without impacting the outcomes of classification.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Sinclair, C., Pierce, L., Matzner, S.: An application of machine learning to network intrusion detection. In: Proceedings - Annual Computer Security Applications Conference. ACSAC, vol. Part F133431, pp. 371–377 (1999). https://doi.org/10.1109/CSAC.1999.816048
Jović, K.B., Bogunović, N.: A review of feature selection methods with applications. In: 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics, MIPRO 2015 - Proceedings, pp. 1200–1205 (2015), https://doi.org/10.1109/MIPRO.2015.7160458
Liu, H., Yu, L.: Toward integrating feature selection algorithms for classification and clustering. IEEE Trans. Knowl. Data Eng. 17(4), 491–502 (2005). https://doi.org/10.1109/TKDE.2005.66
Bolón-Canedo, V., Sánchez-Maroño, N., Alonso-Betanzos, A.: A review of feature selection methods on synthetic data. Knowl. Inf. Syst. 34(3), 483–519 (2013). https://doi.org/10.1007/S10115-012-0487-8/METRICS
Panthong, R., Srivihok, A.: Wrapper feature subset selection for dimension reduction based on ensemble learning algorithm. Proc. Comput. Sci. 72, 162–169 (2015). https://doi.org/10.1016/J.PROCS.2015.12.117
Kursa, M.B., Rudnicki, W.R.: Feature selection with the boruta package. J. Stat. Softw. 36(11), 1–13 (2010). https://doi.org/10.18637/JSS.V036.I11
BorutaShap: A wrapper feature selection method which combines the Boruta feature selection algorithm with Shapley values. https://doi.org/10.5281/ZENODO.4247618
Kuhn, M., Johnson, K.: Applied predictive modeling. Appli. Predictive Model. 1–600, (2013). https://doi.org/10.1007/978-1-4614-6849-3/COVER
Leardi, R., Boggia, R., Terrile, M.: Genetic algorithms as a strategy for feature selection. J. Chemom. 6(5), 267–281 (1992). https://doi.org/10.1002/CEM.1180060506
Jany Shabu, S.,et al.: Research on Intrusion Detection Method Based on Pearson Correlation Coefficient Feature Selection Algorithm. J. Phys. Conf. Ser. 1757(1), 012054, (2021). https://doi.org/10.1088/1742-6596/1757/1/012054
Liu, H., Setiono, R.: Chi2: feature selection and discretization of numeric attributes. In: Proceedings of the International Conference on Tools with Artificial Intelligence, pp. 388–391 (1995). https://doi.org/10.1109/TAI.1995.479783
Meyer, P.E., Schretter, C., Bontempi, G.: Information-theoretic feature selection in microarray data using variable complementarity. IEEE J. Sel. Top. Sign. Proces. 2(3), 261–274 (2008). https://doi.org/10.1109/JSTSP.2008.923858
Dash, M., Liu, H.: Consistency-based search in feature selection. Artif. Intell. 151(1–2), 155–176 (2003). https://doi.org/10.1016/S0004-3702(03)00079-1
Zouhri, H., Idri, A., Ratnani, A.: Evaluating the impact of filter-based feature selection in intrusion detection systems. Int. J. Inf .Secur., 1–27 (2023). https://doi.org/10.1007/S10207-023-00767-Y/TABLES/17
Halim, Z., et al.: An effective genetic algorithm-based feature selection method for intrusion detection systems. Comput. Secur. 110, 102448 (2021). https://doi.org/10.1016/J.COSE.2021.102448
Awad, M., Fraihat, S.: Recursive feature elimination with cross-validation with decision tree: feature selection method for machine learning-based intrusion detection systems. J. Sensor Actuator Netw. 12(5), 67 (2023). https://doi.org/10.3390/JSAN12050067
Liu, Z., Shi, Y.: A Hybrid IDS using GA-based feature selection method and random forest. Int. J. Mach. Learn. Comput. 12(2) (2022). https://doi.org/10.18178/IJMLC.2022.12.2.1077
Mohammadi, S., Mirvaziri, H., Ghazizadeh-Ahsaee, M., Karimipour, H.: Cyber intrusion detection by combined feature selection algorithm. J. Inform. Sec. Appli. 44, 80–88 (2019). https://doi.org/10.1016/J.JISA.2018.11.007
Megantara, A.A., Ahmad, T.: Feature importance ranking for increasing performance of intrusion detection system. In: 2020 3rd International Conference on Computer and Informatics Engineering, IC2IE 2020, pp. 37–42 (2020). https://doi.org/10.1109/IC2IE50715.2020.9274570
Yin, Y., et al.: IGRF-RFE: a hybrid feature selection method for MLP-based network intrusion detection on UNSW-NB15 dataset. J Big Data 10(1), 1–26 (2023). https://doi.org/10.1186/S40537-023-00694-8/TABLES/9
Sharafaldin, A.H.l., Ghorbani, A.A: .Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy, SCITEPRESS - Science and Technology Publications, pp. 108–116 (2018). https://doi.org/10.5220/0006639801080116
Scott, J., Knott, M.: A cluster analysis method for grouping means in the analysis of variance. Biometrics 30(3), 507 (1974). https://doi.org/10.2307/2529204
Azzeh, M., Nassif, A.B., Minku, L.L.: An empirical evaluation of ensemble adjustment methods for analogy-based effort estimation. J. Syst. Softw. 103, 36–52 (2015). https://doi.org/10.1016/J.JSS.2015.01.028
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Zouhri, H., Idri, A. (2024). A Comparative Assessment of Wrappers and Filters for Detecting Cyber Intrusions. In: Rocha, Á., Adeli, H., Dzemyda, G., Moreira, F., Poniszewska-Marańda, A. (eds) Good Practices and New Perspectives in Information Systems and Technologies. WorldCIST 2024. Lecture Notes in Networks and Systems, vol 987. Springer, Cham. https://doi.org/10.1007/978-3-031-60221-4_12
Download citation
DOI: https://doi.org/10.1007/978-3-031-60221-4_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-60220-7
Online ISBN: 978-3-031-60221-4
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)