Filter Versus Wrapper Feature Selection for Network Intrusion Detection System

Abstract

With the increased usage of the Internet, the need for providing security and privacy to protect computer networks is increased too. Network intrusion detection system (NIDS) is intended to observe and inspect the activities in a network. This system is highly dependent on the features of the input network data as these features describe the behaviour of the current network activities. Not only do the irrelevant and redundant network features cause the learning algorithm to build an inaccurate detection model, but they also increase the time complexity and exhaust computation resources as well. In this paper, several feature selection techniques are applied to boost the performance of the NIDS. Categories of the applied selection techniques are of the filter (Information Gain (IG), Principal Component Analysis (PCA), and Correlation Feature Selection (CFS)) and of the wrapper (Genetic Algorithm (GA), Artificial Bee Colony (ABC) and Particle Swarm Optimization (PSO)). Support vector machine (SVM) is utilized to classify the network connections. The benchmark network traffic NSL-KDD dataset is selected to build and test the NIDS. The impact of the applied selection approaches on enhancing the detection model performance is compared and discussed. Evaluation results stated that the wrapper approaches achieved better classification performance for the NIDS in terms of high classification accuracy, detection rate, true positive rates, and low false-positive rates than the filter approaches. Our ABC-NIDS is compared with other related NIDSs and the comparison result proved that our system achieved the best performance.