A Fast Intrusion Detection System Based on Swift Wrapper Feature Selection and Speedy Ensemble Classifier

Abstract

Due to the widespread use of the internet, computer network systems may be exposed to different types of attacks. For this reason, the intrusion detection systems (IDSs) are often used to protect the network systems. Network traffic data (i.e., network packets) includes many features. However, most of them are irrelevant and can lead to a decrease in the runtime and/or the detection performance of the IDS. Although various data mining methods have been applied to improve the effectiveness of IDS, research regarding IDSs having high detection rates and better runtime performance (i.e., lower computational cost) is ongoing. On the other hand, the dimensionality reduction techniques help to eliminate unnecessary features and reduce the computation time of a classification algorithm. In the literature, the feature selection methods (i.e., filter and wrapper) have been widely used for the dimensionality reduction in IDSs. Although the wrapper feature selection techniques outperform the filters, they are time-consuming. Again, the ensemble classifiers can achieve higher detection rates for IDSs compared to the stand-alone classifiers, but they require more computation time to build the model. In order to improve the runtime performance and the detection rate of IDS, a swift wrapper feature selection and a speedy ensemble classifier are proposed in this study. For the dimensionality reduction, the swift wrapper feature selection (i.e., DBDE-QDA) is used, which consists of dichotomous binary differential evolution (DBDE) and quadratic discriminant analysis (QDA). For attack detection, the speedy ensemble classifier is used, which combines Holte's 1R, random tree, and reduced error pruning tree. In the experiments, the NSL-KDD, UNSW-NB15, and CICDDoS2019 datasets are used. According to the experimental results, the proposed IDS reaches 95%-97.4%, 82.7%, and 99.5%-99.9% detection rates for the NSL-KDD, UNSW-NB15, and CICDDoS2019 datasets. In this way, the proposed IDS competes with the state-of-the-art methods in terms of detection rate and false alarm rate. In addition, the proposed IDS has a lower computational cost than the state-of-the-art methods. Moreover, DBDE-QDA reduces the dimension by 60.97%-82.92%, 73.46%, and 96.55%-98.85% for the NSL-KDD, UNSW-NB15, and CICDoS2019 datasets.