A Hybrid Approach for Intrusion Detection Using Feature Selection and Class Balancing on the NSL-KDD Dataset
摘要
Intrusion Detection Systems (IDS) are used to detect malicious behavior in network traffic. Still, issues like high-dimensional features and extreme class imbalance—particularly for rare types of attacks like User to Root (U2R)—render it challenging for machine learning algorithms to recognize minority attacks efficiently. Here, we conduct an exhaustive assessment of the NSL-KDD dataset with Random Forest and XGBoost classifiers on thirteen experimental cases. These instances integrate three feature selection methods (Information Gain, Gini Index, Chi-Square), two balancing strategies (SMOTE and cost-sensitive learning), and two ensemble classifiers (Random Forest and XGBoost). Our experiments demonstrate that although SMOTE improves the recall of the minority class drastically, its performance highly depends on the employed feature selection method and model. The optimal performance is obtained with XGBoost on SMOTE-balanced data without dimensionality reduction, resulting in a 99.84% overall accuracy and an F1-score of 0.75 for the U2R class. Chi-Square-based models experienced significant drops in performance compared to this. This paper offers a comparative evaluation of these methods, showing that while SMOTE generally improves fairness by enhancing recall for underrepresented classes such as U2R, its effectiveness depends on the chosen feature selection method. Hybrid approaches that combine SMOTE with feature selection reduce the feature space, while maintaining a balance between minority-class sensitivity and practical computational efficiency, thus supporting the design of equitable, precise, and efficient intrusion detection systems.