Detection-Rate-Emphasized Multi-objective Evolutionary Feature Selection for Network Intrusion Detection
This work addresses a critical gap in network intrusion detection systems by emphasizing detection rate to reduce missed attacks, offering a domain-specific improvement for cybersecurity applications.
The paper tackled the problem of feature selection for network intrusion detection by proposing a three-objective optimization method that simultaneously minimizes the number of features while maximizing accuracy and detection rate, resulting in improved performance on datasets like NSL-KDD and UNSW-NB15 with fewer features, higher accuracy, and higher detection rate.
Network intrusion detection is one of the most important issues in the field of cyber security, and various machine learning techniques have been applied to build intrusion detection systems. However, since the number of features to describe the network connections is often large, where some features are redundant or noisy, feature selection is necessary in such scenarios, which can both improve the efficiency and accuracy. Recently, some researchers focus on using multi-objective evolutionary algorithms (MOEAs) to select features. But usually, they only consider the number of features and classification accuracy as the objectives, resulting in unsatisfactory performance on a critical metric, detection rate. This will lead to the missing of many real attacks and bring huge losses to the network system. In this paper, we propose DR-MOFS to model the feature selection problem in network intrusion detection as a three-objective optimization problem, where the number of features, accuracy and detection rate are optimized simultaneously, and use MOEAs to solve it. Experiments on two popular network intrusion detection datasets NSL-KDD and UNSW-NB15 show that in most cases the proposed method can outperform previous methods, i.e., lead to fewer features, higher accuracy and detection rate.