Abstract
Intrusion Detection System (IDS) plays an important role in the cybersecurity for preventing the platform from network attacks. To improve the overall performance of IDS, researchers have introduced machine learning methods to classify network behaviors. As the Internet develops and cyberspace expands, the network environment becomes increasingly diverse and complex. As a result, the traditional and single machine learning methods limit the development of intrusion detection systems, and it is difficult to resist the exponential growth of network attacks. To solve this problem, we propose a novel intrusion detection method based on the hybrid feature selection and stacking ensemble techniques to improve the performance of the intrusion detection system. We first apply the hybrid feature selection technique based on the filtering and embedding methods to reduce the feature dimensions. The filtering method uses the information gain rate, while the embedding method uses the feature importance from the random forest model and determines the best feature subset through the hybrid strategy. On the basis of this, a random forest binary classifier is constructed for each category before a multi-classifier is constructed by the aggregation strategy-based stacking ensemble mechanism to determine the specific type of network behavior. The experimental results show that, on the UNSW-NB15 dataset, the proposed method achieved an accuracy of 80.83% with only 9 selected best features (45 in total), which is an improvement of 5.37% compared to the baseline method. On the CICIDS2017 dataset, the accuracy of proposed model reached 99.97% with 27 features selected (75 in total), outperforming the baseline methods. The detection and recognition performance of our proposed method is better than that of traditional machine learning methods and other well-known ensemble methods in terms of accuracy, F1-Score, Cohen’s Kappa score, and false alarm rate. This indicates that our proposed model could be a useful tool in intrusion detection.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.Availability of data and materials
The data and materials that support the findings of this study are available from the corresponding author upon reasonable request.
References
Kheddar H, Himeur Y, Awad AI (2023) Deep transfer learning for intrusion detection in industrial control networks: A comprehensive review. J Netw Comput Appl 220:103760
Talukder MA, Hasan KF, Islam MM, Uddin MA, Akhter A, Yousuf MA, Alharbi F, Moni MA (2023) A dependable hybrid machine learning model for network intrusion detection. J Inf Sec Appl 72:103405
Chou D, Jiang M (2021) A survey on data-driven network intrusion detection. ACM Comput Surv (CSUR) 54(9):1–36
Aceto G, Ciuonzo D, Montieri A, Pescapé A (2018) Multi-classification approaches for classifying mobile app traffic. J Netw Comput Appl 103:131–145
Zhou Y, Cheng G, Jiang S, Dai M (2020) Building an efficient intrusion detection system based on feature selection and ensemble classifier. Comput Netw 174:107247
Mahdavisharif M, Jamali S, Fotohi R (2021) Big data-aware intrusion detection system in communication networks: A deep learning approach. J Grid Comput 19:1–28
Xu G (2021) Research on network intrusion detection method based on machine learning. In: Journal of Physics: Conference Series, vol 1861, p 012034. IOP Publishing
Albulayhi K, Abu Al-Haija Q, Alsuhibany SA, Jillepalli AA, Ashrafuzzaman M, Sheldon FT (2022) Iot intrusion detection using machine learning with a novel high performing feature selection method. Appl Sci 12(10):5015
Ahmed HA, Hameed A, Bawany NZ (2022) Network intrusion detection using oversampling technique and machine learning algorithms. PeerJ Comp Sci 8:820
Al-Sarem M, Saeed F, Alkhammash EH, Alghamdi NS (2022) An aggregated mutual information based feature selection with machine learning methods for enhancing iot botnet attack detection. Sensors 22(1):185
Nasir M, Javed AR, Tariq MA, Asim M, Baker T (2022) Feature engineering and deep learning-based intrusion detection framework for securing edge IOT. J Supercomput 1–15
Kasongo SM, Sun Y (2020) Performance analysis of intrusion detection systems using a feature selection method on the UNSW-NB15 dataset. J Big Data 7:1–20
Liu Z, Thapa N, Shaver A, Roy K, Siddula M, Yuan X, Yu A (2021) Using embedded feature selection and CNN for classification on CCD-INID-V1–a new IOT dataset. Sensors 21(14):4834
Rashid M, Kamruzzaman J, Imam T, Wibowo S, Gordon S (2022) A tree-based stacking ensemble technique with feature selection for network intrusion detection. Appl Intell 52(9):9768–9781
Tsai C-F, Hsu Y-F, Lin C-Y, Lin W-Y (2009) Intrusion detection by machine learning: A review. Expert Syst Appl 36(10):11994–12000
Bhati NS, Khari M (2022) A new ensemble based approach for intrusion detection system using voting. J Intell Fuzzy Syst 42(2):969–979
Lazzarini R, Tianfield H, Charissis V (2023) A stacking ensemble of deep learning models for IOT intrusion detection. Knowl-Based Syst 279:110941
Rajagopal S, Kundapur PP, Hareesha KS (2020) A stacking ensemble for network intrusion detection using heterogeneous datasets. Sec Commun Netw 2020:1–9
Bovenzi G, Aceto G, Ciuonzo D, Montieri A, Persico V, Pescapé A (2023) Network anomaly detection methods in iot environments via deep learning: A fair comparison of performance and robustness. Comp Sec 128:103167
Zhao R, Mu Y, Zou L, Wen X (2022) A hybrid intrusion detection system based on feature selection and weighted stacking classifier. IEEE Access. 10:71414–71426
Zhang H, Li J-L, Liu X-M, Dong C (2021) Multi-dimensional feature fusion and stacking ensemble mechanism for network intrusion detection. Futur Gener Comput Syst 122:130–143
Yu L, Liu H (2003) Feature selection for high-dimensional data: A fast correlation-based filter solution. In: Proceedings of the 20th International Conference on Machine Learning (ICML-03), pp 856–863
Hasan MAM, Nasser M, Ahmad S, Molla KI (2016) Feature selection for intrusion detection using random forest. J Inf Secur 7(3):129–140
Kumar G, Thakur K, Ayyagari MR (2020) Mlesidss: machine learning-based ensembles for intrusion detection systems—a review. J Supercomput 76:8938–8971
Tama BA, Rhee K-H (2017) Performance evaluation of intrusion detection system using classifier ensembles. Int J Internet Protoc Technol 10(1):22–29
Cao X, Chu N, Lin H (2020) Research on target recognition method based on integrated learning. In: 2020 International Conference on Intelligent Transportation, Big Data & Smart City (ICITBS), pp 927–929. IEEE
Jiang S, Mao H, Ding Z, Fu Y (2019) Deep decision tree transfer boosting. IEEE Trans Neural Netwo Learn Syst 31(2):383–395
Resende PAA, Drummond AC (2018) A survey of random forest based methods for intrusion detection systems. ACM Comp Surv (CSUR) 51(3):1–36
Chand N, Mishra P, Krishna CR, Pilli ES, Govil MC (2016) A comparative analysis of svm and its stacking with other classification algorithm for intrusion detection. In: 2016 International Conference on Advances in Computing, Communication, & Automation (ICACCA)(Spring), pp 1–6. IEEE
Ioannou C, Vassiliou V (2018) An intrusion detection system for constrained wsn and iot nodes based on binary logistic regression. In: Proceedings of the 21st ACM International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems, pp 259–263
Kanimozhi P, Aruldoss Albert Victoire T (2022) Oppositional tunicate fuzzy c-means algorithm and logistic regression for intrusion detection on cloud. Concurrency and Computation: Practice and Experience 34(4):6624
Besharati E, Naderan M, Namjoo E (2019) Lr-hids: logistic regression host-based intrusion detection system for cloud environments. J Ambient Intell Humaniz Comput 10:3669–3692
Jiang M, Liang Y, Feng X, Fan X, Pei Z, Xue Y, Guan R (2018) Text classification based on deep belief network and softmax regression. Neural Comput Appl 29:61–70
Siddique K, Akhtar Z, Khan FA, Kim Y (2019) Kdd cup 99 data sets: A perspective on the role of data sets in network intrusion detection research. Computer 52(2):41–51
Moustafa N, Slay J (2015) UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: 2015 Military Communications and Information Systems Conference (MilCIS), pp 1–6. IEEE
Sharafaldin I, Lashkari AH, Ghorbani AA (2018) Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp. 1:108–116
Landis JR, Koch GG (1977) The measurement of observer agreement for categorical data. Biometrics 159–174
Zhao Q, Hautamaki V, Fränti P (2008) Knee point detection in BIC for detecting the number of clusters. In: International Conference on Advanced Concepts for Intelligent Vision Systems, pp 664–673. Springer
Onumanyi AJ, Molokomme DN, Isaac SJ, Abu-Mahfouz AM (2022) Autoelbow: An automatic elbow detection method for estimating the number of clusters in a dataset. Appl Sci 12(15):7515
Farrukh YA, Wali S, Khan I, Bastian ND (2023) Detecting unknown attacks in iot environments: An open set classifier for enhanced network intrusion detection. In: MILCOM 2023-2023 IEEE Military Communications Conference (MILCOM), pp 121–126. IEEE
Wei K, Zang H, Pan Y, Wang G, Shen Z (2024) Strategic application of ai intelligent algorithm in network threat detection and defense. J Theory Practice Eng Sci 4(01):49–57
Kasongo SM, Sun Y (2019) A deep learning method with filter based feature engineering for wireless intrusion detection system. IEEE Access 7:38597–38607
Kasongo SM, Sun Y (2020) A deep learning method with wrapper based feature extraction for wireless intrusion detection system. Comp Sec 92:101752
Nazir A, Khan RA (2021) A novel combinatorial optimization based feature selection method for network intrusion detection. Comp Sec 102:102164
Bouke MA, Abdullah A, ALshatebi SH, Abdullah MT, El Atigh H, (2023) An intelligent ddos attack detection tree-based model using gini index feature selection method. Microprocess Microsyst 98:104823
Dey AK, Gupta GP, Sahu SP (2023) A metaheuristic-based ensemble feature selection framework for cyber threat detection in IOT-enabled networks. Decis Anal J 7:100206
Thockchom N, Singh MM, Nandi, U (2023) A novel ensemble learning-based model for network intrusion detection. Complex Intell Syst 1–22
Coscrato V, Almeida Inacio MH, Izbicki R (2020) The NN-stacking: Feature weighted linear stacking through neural networks. Neurocomputing 399:141–152
Author information
Authors and Affiliations
Contributions
Yongqing Huang: Conceptualization, Methodology, Investigation, Formal analysis, Software, Validation, Resources, Writing - original draft. Guoqing Chen: Conceptualization, Methodology, Supervision, Writing - review & editing. Jin Gou: Conceptualization, Methodology, Supervision, Writing - review & editing. Zongwen Fan: Conceptualization, Methodology, Supervision, Writing - review & editing. Yongxin Liao: Methodology, Supervision, Writing - review & editing.
Corresponding author
Ethics declarations
Ethical approval
Not applicable
Consent to publication
Not applicable
Competing interests
The authors have no competing interests to declare that are relevant to the content of this article.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Huang, Y., Chen, G., Gou, J. et al. A hybrid feature selection and aggregation strategy-based stacking ensemble technique for network intrusion detection. Appl Intell 55, 28 (2025). https://doi.org/10.1007/s10489-024-06015-7
Accepted:
Published:
DOI: https://doi.org/10.1007/s10489-024-06015-7