Skip to main content
SpringerLink
Log in

A Comparative Assessment of Wrappers and Filters for Detecting Cyber Intrusions

  • Conference paper
  • First Online:
Good Practices and New Perspectives in Information Systems and Technologies (WorldCIST 2024)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 987))

Included in the following conference series:

  • 21 Accesses

Abstract

The high number of features in network traffic data might overload intrusion detection systems (IDSs) and resulted in overfitting. Furthermore, duplicated, and unnecessary features may restrict an IDS's ability to learn and infer. Generally, feature selection methods can alleviate this issue. It is a data pre-processing step that can be applied before the classification phase and aims to improve classifier performance and interpretability by selecting only a few highly informative features. The present study aims at assessing the effects of four filters (Consistency-based subset selection, Pearson correlation, Double Input Symmetric Relevance and Chi2); and four wrappers (Boruta, BorutaShap, Recursive Feature Elimination, and Genetic Algorithm) on the classification effectiveness of four models: Random Forest, Multilayer Perceptron, eXtreme Gradient Boosting and Support Vector Machines using CICIDS2018 dataset. The findings suggested that combining ensemble models with RFE and CON techniques can effectively reduce the number of attributes without impacting the outcomes of classification.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Sinclair, C., Pierce, L., Matzner, S.: An application of machine learning to network intrusion detection. In: Proceedings - Annual Computer Security Applications Conference. ACSAC, vol. Part F133431, pp. 371–377 (1999). https://doi.org/10.1109/CSAC.1999.816048

  2. Jović, K.B., Bogunović, N.:  A review of feature selection methods with applications. In:  2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics, MIPRO 2015 - Proceedings, pp. 1200–1205 (2015),  https://doi.org/10.1109/MIPRO.2015.7160458

  3. Liu, H., Yu, L.: Toward integrating feature selection algorithms for classification and clustering. IEEE Trans. Knowl. Data Eng. 17(4), 491–502 (2005). https://doi.org/10.1109/TKDE.2005.66

    Article  Google Scholar 

  4. Bolón-Canedo, V., Sánchez-Maroño, N., Alonso-Betanzos, A.: A review of feature selection methods on synthetic data. Knowl. Inf. Syst. 34(3), 483–519 (2013). https://doi.org/10.1007/S10115-012-0487-8/METRICS

    Article  Google Scholar 

  5. Panthong, R., Srivihok, A.: Wrapper feature subset selection for dimension reduction based on ensemble learning algorithm. Proc. Comput. Sci. 72, 162–169 (2015). https://doi.org/10.1016/J.PROCS.2015.12.117

    Article  Google Scholar 

  6. Kursa, M.B., Rudnicki, W.R.: Feature selection with the boruta package. J. Stat. Softw. 36(11), 1–13 (2010). https://doi.org/10.18637/JSS.V036.I11

    Article  Google Scholar 

  7. BorutaShap: A wrapper feature selection method which combines the Boruta feature selection algorithm with Shapley values.  https://doi.org/10.5281/ZENODO.4247618

  8. Kuhn, M., Johnson, K.:  Applied predictive modeling. Appli. Predictive Model. 1–600, (2013).  https://doi.org/10.1007/978-1-4614-6849-3/COVER

  9. Leardi, R., Boggia, R., Terrile, M.: Genetic algorithms as a strategy for feature selection. J. Chemom. 6(5), 267–281 (1992). https://doi.org/10.1002/CEM.1180060506

    Article  Google Scholar 

  10. Jany Shabu, S.,et al.: Research on Intrusion Detection Method Based on Pearson Correlation Coefficient Feature Selection Algorithm. J. Phys. Conf. Ser. 1757(1), 012054, (2021).  https://doi.org/10.1088/1742-6596/1757/1/012054

  11. Liu, H., Setiono, R.:  Chi2: feature selection and discretization of numeric attributes. In: Proceedings of the International Conference on Tools with Artificial Intelligence, pp. 388–391 (1995).  https://doi.org/10.1109/TAI.1995.479783

  12. Meyer, P.E., Schretter, C., Bontempi, G.: Information-theoretic feature selection in microarray data using variable complementarity. IEEE J. Sel. Top. Sign. Proces. 2(3), 261–274 (2008). https://doi.org/10.1109/JSTSP.2008.923858

    Article  Google Scholar 

  13. Dash, M., Liu, H.: Consistency-based search in feature selection. Artif. Intell. 151(1–2), 155–176 (2003). https://doi.org/10.1016/S0004-3702(03)00079-1

    Article  MathSciNet  Google Scholar 

  14. Zouhri, H., Idri, A., Ratnani, A.:  Evaluating the impact of filter-based feature selection in intrusion detection systems. Int. J. Inf .Secur., 1–27 (2023).  https://doi.org/10.1007/S10207-023-00767-Y/TABLES/17

  15. Halim, Z., et al.: An effective genetic algorithm-based feature selection method for intrusion detection systems. Comput. Secur. 110, 102448 (2021). https://doi.org/10.1016/J.COSE.2021.102448

  16. Awad, M., Fraihat, S.:  Recursive feature elimination with cross-validation with decision tree: feature selection method for machine learning-based intrusion detection systems. J. Sensor Actuator Netw.  12(5), 67 (2023).  https://doi.org/10.3390/JSAN12050067

  17. Liu, Z., Shi, Y.: A Hybrid IDS using GA-based feature selection method and random forest. Int. J. Mach. Learn. Comput. 12(2) (2022).  https://doi.org/10.18178/IJMLC.2022.12.2.1077

  18. Mohammadi, S., Mirvaziri, H., Ghazizadeh-Ahsaee, M., Karimipour, H.: Cyber intrusion detection by combined feature selection algorithm. J. Inform. Sec. Appli. 44, 80–88 (2019). https://doi.org/10.1016/J.JISA.2018.11.007

    Article  Google Scholar 

  19. Megantara, A.A., Ahmad, T.:  Feature importance ranking for increasing performance of intrusion detection system. In: 2020 3rd International Conference on Computer and Informatics Engineering, IC2IE 2020, pp. 37–42 (2020).  https://doi.org/10.1109/IC2IE50715.2020.9274570

  20. Yin, Y., et al.: IGRF-RFE: a hybrid feature selection method for MLP-based network intrusion detection on UNSW-NB15 dataset. J Big Data 10(1), 1–26 (2023). https://doi.org/10.1186/S40537-023-00694-8/TABLES/9

    Article  Google Scholar 

  21. Sharafaldin, A.H.l.,  Ghorbani, A.A: .Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy, SCITEPRESS - Science and Technology Publications, pp. 108–116 (2018).  https://doi.org/10.5220/0006639801080116

  22. Scott, J., Knott, M.: A cluster analysis method for grouping means in the analysis of variance. Biometrics 30(3), 507 (1974). https://doi.org/10.2307/2529204

    Article  Google Scholar 

  23. Azzeh, M., Nassif, A.B., Minku, L.L.: An empirical evaluation of ensemble adjustment methods for analogy-based effort estimation. J. Syst. Softw. 103, 36–52 (2015). https://doi.org/10.1016/J.JSS.2015.01.028

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Mohammed VI Polytechnic University, BenGuerir, Morocco

    Houssam Zouhri & Ali Idri

  2. Software Project Management Research Team, ENSIAS, Mohammed V University, Rabat, Morocco

    Ali Idri

Authors
  1. Houssam Zouhri
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ali Idri
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ali Idri .

Editor information

Editors and Affiliations

  1. ISEG, Universidade de Lisboa, Lisbon, Portugal

    Álvaro Rocha

  2. College of Engineering, The Ohio State University, Columbus, OH, USA

    Hojjat Adeli

  3. Institute of Data Science and Digital Technologies, Vilnius University, Vilnius, Lithuania

    Gintautas Dzemyda

  4. DCT, Universidade Portucalense, Porto, Portugal

    Fernando Moreira

  5. Institute of Information Technology, Lodz University of Technology, Łódz, Poland

    Aneta Poniszewska-Marańda

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zouhri, H., Idri, A. (2024). A Comparative Assessment of Wrappers and Filters for Detecting Cyber Intrusions. In: Rocha, Á., Adeli, H., Dzemyda, G., Moreira, F., Poniszewska-Marańda, A. (eds) Good Practices and New Perspectives in Information Systems and Technologies. WorldCIST 2024. Lecture Notes in Networks and Systems, vol 987. Springer, Cham. https://doi.org/10.1007/978-3-031-60221-4_12

Download citation

Publish with us

Policies and ethics

Search

Navigation