Anomaly-based intrusion detection system based on SMOTE-IPF, Whale Optimization Algorithm, and ensemble learning

Abstract

Nowadays, cybersecurity is a major worldwide problem. Intrusion detection systems (IDS) help guarantee network security by detecting malicious entries from legitimate entries in network traffic data. IDS has considerable potential for detecting dynamic cyber threats, identifying abnormalities, and identifying malicious conduct within the network. In this paper, we propose Machine Learning (ML) models with an emphasis on the Synthetic Minority Over-sampling Technique (SMOTE) with Iterative Partitioning Filter (IPF) for class imbalance and the Whale Optimization Algorithm (WOA) for feature selection. Class imbalance often results in poorly constructed ML models prioritizing the majority class. In addition, the absence of feature selection can lead to higher computational complexity without impacting performance accuracy. This study uses Bagging, AdaBoost, Extreme Gradient Boosting (XGBoost) and Extra Trees Classifier as classification models. The two widely used datasets to assess the proposed method are NLS-KDD and UNSW-NB15. The K-Fold cross-validation technique trains this model to minimize potential overfitting. These models are evaluated based on performance metrics such as accuracy, precision, recall, and F1-score. The experimental results demonstrate that the Extra Trees Classifier significantly outperforms the baseline models and achieves accuracy values of 99.9% for the NSL-KDD dataset and 97% for the UNSW-NB 15 dataset and outperforms all evaluation measures compared to baseline models for multi-classification of the IDS.