A NSGA2-LR wrapper approach for feature selection in network intrusion detection

Abstract

Feature selection is becoming a major preprocessing phase in which irrelevant and redundant features are removed, while the more informative ones are retained. The datasets used in intrusion detection systems contain many features. It is, therefore, necessary to apply a feature selection step to improve the classification performance and reduce the computation time. In this paper, we propose a multi-objective feature selection approach based on NSGA-II and logistic regression in network intrusion detection. The proposed wrapper approach is tested according to two schemes: the first uses binomial logistic regression with many binary-class datasets corresponding to each type of attack, and the second uses multinomial logistic regression with a multi-class dataset. The best obtained subsets are tested using three different decision tree classifiers namely C4.5 decision tree, Random Forest, and Naive Bayes Tree. Three datasets are used in experiments namely NSL-KDD dataset, UNSW-NB15 dataset, and CIC-IDS2017. The obtained results show better accuracy when using binary-class datasets compared to multi-class datasets. Furthermore, the two schemes for feature selection succeed in reducing the features space by removing irrelevant features and keeping only the most informative ones. The obtained results are promising compared to other approaches.