An optimized adaptive ensemble model with feature selection for network intrusion detection

Summary Network intrusion detection system (NIDS) is a key component to identify abnormal behavior of network systems and plays an important role in preventing the occurrence of network attacks. Although a considerable number of machine learning methods have been applied in the field of intrusion de...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Concurrency and computation 2023-02, Vol.35 (4), p.n/a
Hauptverfasser: Yang, Zhongjun, Liu, Zhi, Zong, Xuejun, Wang, Guogang
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Summary Network intrusion detection system (NIDS) is a key component to identify abnormal behavior of network systems and plays an important role in preventing the occurrence of network attacks. Although a considerable number of machine learning methods have been applied in the field of intrusion detection, it is still a challenge for existing solutions to achieve a good classification performance. The existing traffic datasets generally have redundant and irrelevant features, which hinder classifiers from making more accurate predictions. Furthermore, a single classifier has limited classification performance and may not be able to achieve a better detection performance overall in the face of unbalanced multi‐category traffic data. Therefore, in order to improve the classification performance of intrusion detection models, this paper proposes an adaptive ensemble model by combining feature selection techniques and effective ensemble methods. Firstly, a heuristic feature selection algorithm (NRS‐SSA) is proposed by introducing the neighborhood dependency degree of the neighborhood rough set (NRS) into the salp swarm algorithm (SSA). Then, an improved adaptive weighted voting algorithm is designed. The SSA is introduced to optimize the weight matrix when setting the voting weight. Finally, we use the designed voting algorithm to combine the classification advantages of homogeneous classifiers and heterogeneous classifiers, respectively, and propose an M‐Tree algorithm and an adaptive ensemble model. The experimental results on multiple intrusion detection datasets show that the proposed adaptive ensemble model achieves an advanced detection level.
ISSN:1532-0626
1532-0634
DOI:10.1002/cpe.7529