A hybrid feature selection and aggregation strategy-based stacking ensemble technique for network intrusion detection.

Author: Huang, Yongqing; Chen, Guoqing; Gou, Jin; Fan, Zongwen; Liao, Yongxin
Source: Applied Intelligence; Jan 2025, Vol. 55 Issue 1, p1-24, 24p
Abstract: An Intrusion Detection System (IDS) plays an important role in cybersecurity for preventing the platform from network attacks. To improve the overall performance of IDS, researchers have introduced machine learning methods to classify network behaviors. As the Internet develops and cyberspace expands, the network environment becomes increasingly diverse and complex. As a result, the traditional and single machine learning methods limit the development of intrusion detection systems, and it is difficult to resist the exponential growth of network attacks. To solve this problem, we propose a novel intrusion detection method based on the hybrid feature selection and stacking ensemble techniques to improve the performance of the intrusion detection system. We first apply the hybrid feature selection technique based on the filtering and embedding methods to reduce the feature dimensions. The filtering method uses the information gain rate, while the embedding method uses the feature importance from the random forest model and determines the best feature subset through the hybrid strategy. On the basis of this, a random forest binary classifier is constructed for each category before a multi-classifier is constructed by the aggregation strategy-based stacking ensemble mechanism to determine the specific type of network behavior. The experimental results show that, on the UNSW-NB15 dataset, the proposed method achieved an accuracy of 80.83% with only 9 selected best features (45 in total), which is an improvement of 5.37% compared to the baseline method. On the CICIDS2017 dataset, the accuracy of the proposed model reached 99.97% with 27 features selected (75 in total), outperforming the baseline methods. The detection and recognition performance of our proposed method is better than that of traditional machine learning methods and other well-known ensemble methods in terms of accuracy, F1-Score, Cohen’s Kappa score, and false alarm rate. This indicates that our proposed model could be a useful tool in intrusion detection. [ABSTRACT FROM AUTHOR]
Database: Complementary Index