A Hybrid Intrusion Detection with Decision Tree for Feature Selection

Publication Type:

Journal article preview


Information & Security: An International Journal, Volume 49 (2021)


Keywords:

big data, feature selection, hybrid IDS, IDS dataset, intrusion detection, machine learning algorithms


Intrusion detection systems (IDS) typically incur high computational cost when examining data features and identifying intrusion patterns, owing to the size and nature of current intrusion detection datasets. Data pre-processing techniques such as feature selection are used to reduce this cost by eliminating irrelevant and redundant features from such datasets. The objective of this study is to analyse the effectiveness and efficiency of two families of feature selection approaches: wrapper-based and filter-based. To that end, machine learning models are designed in a hybrid approach with either a wrapper or a filter selection process. Five machine learning algorithms are applied to the wrapper- and filter-based feature selection methods to build IDS models on the UNSW-NB15 dataset. The wrapper-based hybrid intrusion detection model uses a decision tree algorithm to guide the selection process; three filter-based methods, namely information gain, gain ratio, and relief, are used for comparison to determine the efficiency and effectiveness of the wrapper approach. Furthermore, a comparison with other state-of-the-art intrusion detection approaches is performed. The experimental results show that the wrapper-based method is quite effective in comparison to state-of-the-art works; however, it requires more computation time than the filter-based methods while achieving similar results. Our work also revealed previously unobserved issues with the conformity of the UNSW-NB15 dataset.
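
As an illustration of two of the filter-based criteria named above, the following minimal sketch scores discrete features by information gain and gain ratio and ranks them. It is not the implementation used in the study: the function names, the toy columns (`proto`, `service`, `record_id`), and the labels are hypothetical and are not taken from UNSW-NB15.

```python
import math
from collections import Counter


def entropy(values):
    """Shannon entropy (in bits) of a sequence of discrete values."""
    total = len(values)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(values).values())


def information_gain(feature, labels):
    """Reduction in label entropy obtained by splitting on a discrete feature."""
    total = len(labels)
    groups = {}
    for value, label in zip(feature, labels):
        groups.setdefault(value, []).append(label)
    conditional = sum(len(g) / total * entropy(g) for g in groups.values())
    return entropy(labels) - conditional


def gain_ratio(feature, labels):
    """Information gain divided by the entropy of the feature itself."""
    split_info = entropy(feature)
    if split_info <= 0:
        return 0.0  # a constant feature carries no information
    return information_gain(feature, labels) / split_info


def rank_features(columns, labels, score):
    """Return feature names ordered from highest to lowest score."""
    return sorted(columns, key=lambda name: score(columns[name], labels),
                  reverse=True)


# Hypothetical toy data: six records, three discrete features.
columns = {
    "proto": ["tcp", "tcp", "udp", "udp", "tcp", "udp"],
    "service": ["http", "dns", "dns", "dns", "http", "http"],
    "record_id": ["a", "b", "c", "d", "e", "f"],
}
labels = ["attack", "normal", "normal", "normal", "attack", "attack"]

ranking = rank_features(columns, labels, gain_ratio)
print(ranking)
```

In this toy data, `record_id` separates the labels perfectly only because every value is unique, so it earns the maximum information gain; gain ratio penalises such many-valued features by dividing by the feature's own entropy. A wrapper approach would instead score candidate feature subsets by training and evaluating a classifier on each one, which is consistent with the higher computation time reported for it.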