A Hybrid Intrusion Detection with Decision Tree for Feature Selection

TL;DR

This paper introduces a hybrid feature selection approach combining wrapper and filter methods with decision trees to improve intrusion detection systems, balancing effectiveness with computational efficiency.

Contribution

It proposes a novel hybrid feature selection method using decision trees, enhancing IDS performance and providing a comparative analysis with existing techniques.

Findings

The hybrid approach achieves comparable detection accuracy to state-of-the-art methods.

It requires higher computational time than filter-based methods.

The study reveals issues related to the UNSW-NB15 dataset's conformity.

Abstract

Due to the size and nature of intrusion detection datasets, intrusion detection systems (IDS) typically take high computational complexity to examine features of data and identify intrusive patterns. Data preprocessing techniques such as feature selection can be used to reduce such complexity by eliminating irrelevant and redundant features in the dataset. The objective of this study is to analyze the efficiency and effectiveness of some feature selection approaches namely, wrapper-based and filter-based modeling approaches. To achieve that, a hybrid of feature selection algorithm in combination with wrapper and filter selection processes is designed. We propose a wrapper-based hybrid intrusion detection modeling with a decision tree algorithm to guide the selection process. Five machine learning algorithms are used on the wrapper and filter-based feature selection methods to build IDS models using the UNSW-NB15 dataset. The three filter-based methods namely, information gain, gain ratio, and relief are used for comparison to determine the efficiency and effectiveness of the proposed approach. Furthermore, a fair comparison with other state-of-the-art intrusion detection approaches is also performed. The experimental results show that our approach is quite effective in comparison to state-of-the-art works, however, it takes high computational time in comparison to the filter-based methods whilst achieves similar results. Our work also revealed unobserved issues about the conformity of the UNSW-NB15 dataset.