Skip to main content

Advertisement

A hybrid feature selection and aggregation strategy-based stacking ensemble technique for network intrusion detection

  • Published:
Applied Intelligence Aims and scope Submit manuscript

Abstract

Intrusion Detection System (IDS) plays an important role in the cybersecurity for preventing the platform from network attacks. To improve the overall performance of IDS, researchers have introduced machine learning methods to classify network behaviors. As the Internet develops and cyberspace expands, the network environment becomes increasingly diverse and complex. As a result, the traditional and single machine learning methods limit the development of intrusion detection systems, and it is difficult to resist the exponential growth of network attacks. To solve this problem, we propose a novel intrusion detection method based on the hybrid feature selection and stacking ensemble techniques to improve the performance of the intrusion detection system. We first apply the hybrid feature selection technique based on the filtering and embedding methods to reduce the feature dimensions. The filtering method uses the information gain rate, while the embedding method uses the feature importance from the random forest model and determines the best feature subset through the hybrid strategy. On the basis of this, a random forest binary classifier is constructed for each category before a multi-classifier is constructed by the aggregation strategy-based stacking ensemble mechanism to determine the specific type of network behavior. The experimental results show that, on the UNSW-NB15 dataset, the proposed method achieved an accuracy of 80.83% with only 9 selected best features (45 in total), which is an improvement of 5.37% compared to the baseline method. On the CICIDS2017 dataset, the accuracy of proposed model reached 99.97% with 27 features selected (75 in total), outperforming the baseline methods. The detection and recognition performance of our proposed method is better than that of traditional machine learning methods and other well-known ensemble methods in terms of accuracy, F1-Score, Cohen’s Kappa score, and false alarm rate. This indicates that our proposed model could be a useful tool in intrusion detection.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Algorithm 1
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

Explore related subjects

Discover the latest articles, news and stories from top researchers in related subjects.

Availability of data and materials

The data and materials that support the findings of this study are available from the corresponding author upon reasonable request.

References

  1. Kheddar H, Himeur Y, Awad AI (2023) Deep transfer learning for intrusion detection in industrial control networks: A comprehensive review. J Netw Comput Appl 220:103760

    Article  MATH  Google Scholar 

  2. Talukder MA, Hasan KF, Islam MM, Uddin MA, Akhter A, Yousuf MA, Alharbi F, Moni MA (2023) A dependable hybrid machine learning model for network intrusion detection. J Inf Sec Appl 72:103405

    Google Scholar 

  3. Chou D, Jiang M (2021) A survey on data-driven network intrusion detection. ACM Comput Surv (CSUR) 54(9):1–36

    Article  MATH  Google Scholar 

  4. Aceto G, Ciuonzo D, Montieri A, Pescapé A (2018) Multi-classification approaches for classifying mobile app traffic. J Netw Comput Appl 103:131–145

    Article  Google Scholar 

  5. Zhou Y, Cheng G, Jiang S, Dai M (2020) Building an efficient intrusion detection system based on feature selection and ensemble classifier. Comput Netw 174:107247

    Article  MATH  Google Scholar 

  6. Mahdavisharif M, Jamali S, Fotohi R (2021) Big data-aware intrusion detection system in communication networks: A deep learning approach. J Grid Comput 19:1–28

  7. Xu G (2021) Research on network intrusion detection method based on machine learning. In: Journal of Physics: Conference Series, vol 1861, p 012034. IOP Publishing

  8. Albulayhi K, Abu Al-Haija Q, Alsuhibany SA, Jillepalli AA, Ashrafuzzaman M, Sheldon FT (2022) Iot intrusion detection using machine learning with a novel high performing feature selection method. Appl Sci 12(10):5015

    Article  Google Scholar 

  9. Ahmed HA, Hameed A, Bawany NZ (2022) Network intrusion detection using oversampling technique and machine learning algorithms. PeerJ Comp Sci 8:820

    Article  Google Scholar 

  10. Al-Sarem M, Saeed F, Alkhammash EH, Alghamdi NS (2022) An aggregated mutual information based feature selection with machine learning methods for enhancing iot botnet attack detection. Sensors 22(1):185

    Article  MATH  Google Scholar 

  11. Nasir M, Javed AR, Tariq MA, Asim M, Baker T (2022) Feature engineering and deep learning-based intrusion detection framework for securing edge IOT. J Supercomput 1–15

  12. Kasongo SM, Sun Y (2020) Performance analysis of intrusion detection systems using a feature selection method on the UNSW-NB15 dataset. J Big Data 7:1–20

    Article  Google Scholar 

  13. Liu Z, Thapa N, Shaver A, Roy K, Siddula M, Yuan X, Yu A (2021) Using embedded feature selection and CNN for classification on CCD-INID-V1–a new IOT dataset. Sensors 21(14):4834

    Article  Google Scholar 

  14. Rashid M, Kamruzzaman J, Imam T, Wibowo S, Gordon S (2022) A tree-based stacking ensemble technique with feature selection for network intrusion detection. Appl Intell 52(9):9768–9781

    Article  MATH  Google Scholar 

  15. Tsai C-F, Hsu Y-F, Lin C-Y, Lin W-Y (2009) Intrusion detection by machine learning: A review. Expert Syst Appl 36(10):11994–12000

    Article  MATH  Google Scholar 

  16. Bhati NS, Khari M (2022) A new ensemble based approach for intrusion detection system using voting. J Intell Fuzzy Syst 42(2):969–979

    Article  MATH  Google Scholar 

  17. Lazzarini R, Tianfield H, Charissis V (2023) A stacking ensemble of deep learning models for IOT intrusion detection. Knowl-Based Syst 279:110941

    Article  MATH  Google Scholar 

  18. Rajagopal S, Kundapur PP, Hareesha KS (2020) A stacking ensemble for network intrusion detection using heterogeneous datasets. Sec Commun Netw 2020:1–9

    Article  Google Scholar 

  19. Bovenzi G, Aceto G, Ciuonzo D, Montieri A, Persico V, Pescapé A (2023) Network anomaly detection methods in iot environments via deep learning: A fair comparison of performance and robustness. Comp Sec 128:103167

    Article  Google Scholar 

  20. Zhao R, Mu Y, Zou L, Wen X (2022) A hybrid intrusion detection system based on feature selection and weighted stacking classifier. IEEE Access. 10:71414–71426

    Article  Google Scholar 

  21. Zhang H, Li J-L, Liu X-M, Dong C (2021) Multi-dimensional feature fusion and stacking ensemble mechanism for network intrusion detection. Futur Gener Comput Syst 122:130–143

    Article  MATH  Google Scholar 

  22. Yu L, Liu H (2003) Feature selection for high-dimensional data: A fast correlation-based filter solution. In: Proceedings of the 20th International Conference on Machine Learning (ICML-03), pp 856–863

  23. Hasan MAM, Nasser M, Ahmad S, Molla KI (2016) Feature selection for intrusion detection using random forest. J Inf Secur 7(3):129–140

    MATH  Google Scholar 

  24. Kumar G, Thakur K, Ayyagari MR (2020) Mlesidss: machine learning-based ensembles for intrusion detection systems—a review. J Supercomput 76:8938–8971

    Article  MATH  Google Scholar 

  25. Tama BA, Rhee K-H (2017) Performance evaluation of intrusion detection system using classifier ensembles. Int J Internet Protoc Technol 10(1):22–29

    Article  MATH  Google Scholar 

  26. Cao X, Chu N, Lin H (2020) Research on target recognition method based on integrated learning. In: 2020 International Conference on Intelligent Transportation, Big Data & Smart City (ICITBS), pp 927–929. IEEE

  27. Jiang S, Mao H, Ding Z, Fu Y (2019) Deep decision tree transfer boosting. IEEE Trans Neural Netwo Learn Syst 31(2):383–395

    Article  MathSciNet  MATH  Google Scholar 

  28. Resende PAA, Drummond AC (2018) A survey of random forest based methods for intrusion detection systems. ACM Comp Surv (CSUR) 51(3):1–36

    MATH  Google Scholar 

  29. Chand N, Mishra P, Krishna CR, Pilli ES, Govil MC (2016) A comparative analysis of svm and its stacking with other classification algorithm for intrusion detection. In: 2016 International Conference on Advances in Computing, Communication, & Automation (ICACCA)(Spring), pp 1–6. IEEE

  30. Ioannou C, Vassiliou V (2018) An intrusion detection system for constrained wsn and iot nodes based on binary logistic regression. In: Proceedings of the 21st ACM International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems, pp 259–263

  31. Kanimozhi P, Aruldoss Albert Victoire T (2022) Oppositional tunicate fuzzy c-means algorithm and logistic regression for intrusion detection on cloud. Concurrency and Computation: Practice and Experience 34(4):6624

  32. Besharati E, Naderan M, Namjoo E (2019) Lr-hids: logistic regression host-based intrusion detection system for cloud environments. J Ambient Intell Humaniz Comput 10:3669–3692

    Article  MATH  Google Scholar 

  33. Jiang M, Liang Y, Feng X, Fan X, Pei Z, Xue Y, Guan R (2018) Text classification based on deep belief network and softmax regression. Neural Comput Appl 29:61–70

    Article  MATH  Google Scholar 

  34. Siddique K, Akhtar Z, Khan FA, Kim Y (2019) Kdd cup 99 data sets: A perspective on the role of data sets in network intrusion detection research. Computer 52(2):41–51

    Article  MATH  Google Scholar 

  35. Moustafa N, Slay J (2015) UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: 2015 Military Communications and Information Systems Conference (MilCIS), pp 1–6. IEEE

  36. Sharafaldin I, Lashkari AH, Ghorbani AA (2018) Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp. 1:108–116

    Google Scholar 

  37. Landis JR, Koch GG (1977) The measurement of observer agreement for categorical data. Biometrics 159–174

  38. Zhao Q, Hautamaki V, Fränti P (2008) Knee point detection in BIC for detecting the number of clusters. In: International Conference on Advanced Concepts for Intelligent Vision Systems, pp 664–673. Springer

  39. Onumanyi AJ, Molokomme DN, Isaac SJ, Abu-Mahfouz AM (2022) Autoelbow: An automatic elbow detection method for estimating the number of clusters in a dataset. Appl Sci 12(15):7515

    Article  MATH  Google Scholar 

  40. Farrukh YA, Wali S, Khan I, Bastian ND (2023) Detecting unknown attacks in iot environments: An open set classifier for enhanced network intrusion detection. In: MILCOM 2023-2023 IEEE Military Communications Conference (MILCOM), pp 121–126. IEEE

  41. Wei K, Zang H, Pan Y, Wang G, Shen Z (2024) Strategic application of ai intelligent algorithm in network threat detection and defense. J Theory Practice Eng Sci 4(01):49–57

    MATH  Google Scholar 

  42. Kasongo SM, Sun Y (2019) A deep learning method with filter based feature engineering for wireless intrusion detection system. IEEE Access 7:38597–38607

    Article  Google Scholar 

  43. Kasongo SM, Sun Y (2020) A deep learning method with wrapper based feature extraction for wireless intrusion detection system. Comp Sec 92:101752

    Article  MATH  Google Scholar 

  44. Nazir A, Khan RA (2021) A novel combinatorial optimization based feature selection method for network intrusion detection. Comp Sec 102:102164

    Article  MATH  Google Scholar 

  45. Bouke MA, Abdullah A, ALshatebi SH, Abdullah MT, El Atigh H, (2023) An intelligent ddos attack detection tree-based model using gini index feature selection method. Microprocess Microsyst 98:104823

  46. Dey AK, Gupta GP, Sahu SP (2023) A metaheuristic-based ensemble feature selection framework for cyber threat detection in IOT-enabled networks. Decis Anal J 7:100206

  47. Thockchom N, Singh MM, Nandi, U (2023) A novel ensemble learning-based model for network intrusion detection. Complex Intell Syst 1–22

  48. Coscrato V, Almeida Inacio MH, Izbicki R (2020) The NN-stacking: Feature weighted linear stacking through neural networks. Neurocomputing 399:141–152

    Article  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Contributions

Yongqing Huang: Conceptualization, Methodology, Investigation, Formal analysis, Software, Validation, Resources, Writing - original draft. Guoqing Chen: Conceptualization, Methodology, Supervision, Writing - review & editing. Jin Gou: Conceptualization, Methodology, Supervision, Writing - review & editing. Zongwen Fan: Conceptualization, Methodology, Supervision, Writing - review & editing. Yongxin Liao: Methodology, Supervision, Writing - review & editing.

Corresponding author

Correspondence to Zongwen Fan.

Ethics declarations

Ethical approval

Not applicable

Consent to publication

Not applicable

Competing interests

The authors have no competing interests to declare that are relevant to the content of this article.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Huang, Y., Chen, G., Gou, J. et al. A hybrid feature selection and aggregation strategy-based stacking ensemble technique for network intrusion detection. Appl Intell 55, 28 (2025). https://doi.org/10.1007/s10489-024-06015-7

Download citation

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10489-024-06015-7

Keywords