In recent years, the sophistication of attack vectors has increased, evolving with network infrastructures and presenting challenges for intrusion detection systems (IDS). The promising solution is provided by Machine Learning (ML) which efficiently analyzes the large and diverse datasets available for network traffic. The high dimensionality of these datasets presents a significant challenge in the process of identifying a feature subset that yields the highest performance while minimizing computational time. This study presents and evaluates a consensus-driven feature selection method applied to machine learning models used for intrusion detection. We examine how ensemble approaches with feature selection, together can reveal common influential features that boost IDS performance parameters, specially accuracy and processing time. Employing the CICIDS 2017 dataset, various feature selection techniques are used to identify the relevant attributes for anomaly detection. The proposed consensus-based approach is evaluated using several ML models with two distinct feature sets, comprising 8 and 12 features, respectively. Findings indicate that the suggested approach reduces execution time while simultaneously boosting detection accuracy for classifiers like Naive Bayes, KNN, and AdaBoost. The Random Forest algorithm achieved a 96% detection accuracy using the reduced feature set of 8 and the shortest execution time of 12.6 s. The KNN algorithm reached 99% accuracy but takes significantly longer execution time of 348 s. Conversely, the Naïve Bayes classifier demonstrated substantial improvement, reaching 85% accuracy with low execution time of 2.5 s. These results highlight the importance of feature selection in optimizing IDS performance and advancing network anomaly detection.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Consensus-Based Feature Selection Approach for Machine Learning Intrusion Detection Systems

  • Ahmad Taha Hamarshe,
  • Mohammad M. N. Hamarsheh,
  • Ahmad Hasasneh

摘要

In recent years, the sophistication of attack vectors has increased, evolving with network infrastructures and presenting challenges for intrusion detection systems (IDS). The promising solution is provided by Machine Learning (ML) which efficiently analyzes the large and diverse datasets available for network traffic. The high dimensionality of these datasets presents a significant challenge in the process of identifying a feature subset that yields the highest performance while minimizing computational time. This study presents and evaluates a consensus-driven feature selection method applied to machine learning models used for intrusion detection. We examine how ensemble approaches with feature selection, together can reveal common influential features that boost IDS performance parameters, specially accuracy and processing time. Employing the CICIDS 2017 dataset, various feature selection techniques are used to identify the relevant attributes for anomaly detection. The proposed consensus-based approach is evaluated using several ML models with two distinct feature sets, comprising 8 and 12 features, respectively. Findings indicate that the suggested approach reduces execution time while simultaneously boosting detection accuracy for classifiers like Naive Bayes, KNN, and AdaBoost. The Random Forest algorithm achieved a 96% detection accuracy using the reduced feature set of 8 and the shortest execution time of 12.6 s. The KNN algorithm reached 99% accuracy but takes significantly longer execution time of 348 s. Conversely, the Naïve Bayes classifier demonstrated substantial improvement, reaching 85% accuracy with low execution time of 2.5 s. These results highlight the importance of feature selection in optimizing IDS performance and advancing network anomaly detection.