SMMO-CoFS: Synthetic Multi-minority Oversampling with Collaborative Feature Selection for Network Intrusion Detection System

Abstract

Researchers publish various studies to improve the performance of network intrusion detection systems. However, there is still a high false alarm rate and missing intrusions due to class imbalance in the multi-class dataset. This imbalanced distribution of classes results in low detection accuracy for the minority classes. This paper proposes a Synthetic Multi-minority Oversampling (SMMO) framework by integrating with a collaborative feature selection (CoFS) approach in network intrusion detection systems. Our framework aims to increase the detection accuracy of the extreme minority classes (i.e., user-to-root and remote-to-local attacks) by improving the dataset’s class distribution and selecting relevant features. In our framework, SMMO generates synthetic data and iteratively over-samples multi-minority classes. And the collaboration of correlation-based feature selection with an evolutionary algorithm selects essential features. We evaluate our framework with a random forest, J48, BayesNet, and AdaBoostM1. In a multi-class NSL-KDD dataset, the experimental results show that the proposed framework significantly improves the detection accuracy of the extreme minority classes compared with other approaches.