Feature Selection Improves Tree-based Classification for Wireless Intrusion Detection

Abstract

With the growth of 5G wireless technologies and IoT, it become urgent to develop robust network security systems, such as intrusions detection systems (IDS) to keep the networks secure. These IDS systems need to detect unauthorized access and in real-time. However, most of the modern IDS are built based on complex machine learning models that are time-consuming to train. In this work, we propose a methodology using the SHapley Additive exPlanations (SHAP) in combination with tree-based classifiers. SHAP can be used to select consistent and small feature subsets to reduce the execution time and improve classification accuracy. We demonstrate the proposed approach with the Aegean Wi-Fi Intrusion Dataset (AWID) dataset in a series of multi-class classification experiments. Among the four classes (normal, injection, flooding and impersonation), it is well-known that the class impersonation is hard to be classified accurately. Tests show that we can use about 10% of the initial feature set without reducing the overall prediction accuracy. With this reduced set of features, the training time could be reduced as much as a factor of four, while slightly improving the discriminating ability to identify impersonation instances. This study suggests that by reducing the number of features, the classification algorithms are able to focus on key trends that differentiates the attacks classes from the normal class. Using a reduces subset of features improves IDS's accuracy and performance. Also, SHAP dependence plots capture the relationship between individual features and the classification decision.