Abstract:Network anomaly detection (NAD) is a crucial Artificial Intelligence (AI)-based security solution for protecting computer networks. However, analyzing high-dimensional data is a significant impediment for NAD systems. The process of Feature Selection (FS) addresses this challenge by reducing or eliminating irrelevant or redundant features. Conventional FS algorithms face the drawbacks of diminished accuracy, elevated computational costs, and the inclusion of irrelevant and redundant features. This paper presents a novel three-fold Hybrid Filter-Clustering-Coevolutionary Wrapper (HFCCW) based FS approach to overcome these issues. The proposed method integrates filter and clustering techniques in the initial phases to prevent irrelevant and redundant features from being included. The first phase involves removing irrelevant features by employing the Fisher score filter method, followed by the application of clustering based on the Minimum Spanning Tree (MST) in the second phase. The second phase aims to eliminate redundant features and effectively narrow down the search space of the coevolutionary algorithm in the third phase. The method employed in the third phase adeptly integrates the strengths of particle swarm optimization (PSO) and binary grey wolf optimization (BGWO) techniques, effectively harmonizing the exploration and exploitation trade-off in the optimization process. The incorporation of the Levy Flight (LF) concept in the final iterations of BGWOPSO enhances the search steps of GWO during the third phase. It addresses the issue of GWO being confined to local optima. This improvement is achieved by applying BLFGWOPSO in the final phase of the proposed HFCCW approach. Empirical findings on the CICIDS2017 dataset substantiate the efficacy of the proposed method in enhancing classification accuracy, selecting optimal feature subsets with fewer features, reducing computing costs and improving convergence rates. Furthermore, the proposed method achieves a favorable trade-off between accuracy and computing time when contrasted with state-of-the-art methods such as filter, metaheuristic-based wrapper, and hybrid FS approaches.

HFCCW: A Novel Hybrid Filter-Clustering-Coevolutionary Wrapper Feature Selection Approach for Network Anomaly Detection

CBFS: A Clustering-Based Feature Selection Mechanism for Network Anomaly Detection

A Novel Hybrid Algorithm for Feature Selection

A many-objective integrated evolutionary algorithm for feature selection in anomaly detection

Improved Grey Wolf Optimization- (IGWO-) Based Feature Selection on Multiview Features and Enhanced Multimodal-Sequential Network Intrusion Detection Approach

Coarse and fine feature selection for Network Intrusion Detection Systems ( IDS ) in IoT networks

A novel hybrid wrapper–filter approach based on genetic algorithm, particle swarm optimization for feature subset selection

Feature Selection Algorithm For Intrusion Detection Using Cuckoo Search Algorithm

A hybrid feature selection for network intrusion detection systems: Central points

Feature selection based on dataset variance optimization using Hybrid Sine Cosine – Firehawk Algorithm (HSCFHA)

A Modified Hybrid Method Based on PSO, GA, and K-Means for Network Anomaly Detection

Intrusion detection based on hybrid metaheuristic feature selection

Implementation of adaptive scheme in evolutionary technique for anomaly-based intrusion detection

An improved Harris Hawks optimizer based feature selection technique with effective two-staged classifier for network intrusion detection system

Genetic Algorithm based feature selection and Naïve Bayes for anomaly detection in fog computing environment

Leveraging Metaheuristics for Feature Selection With Machine Learning Classification for Malicious Packet Detection in Computer Networks

Fuzzy Local Information and Bhattacharya-Based C-Means Clustering and Optimized Deep Learning in Spark Framework for Intrusion Detection

Metaheuristic and Data Mining Algorithms-based Feature Selection Approach for Anomaly Detection

Optimizing Network Anomaly Detection Scheme Using Instance Selection Mechanism

IGRF-RFE: a hybrid feature selection method for MLP-based network intrusion detection on UNSW-NB15 dataset

Combinatorial Optimization based Feature Selection Method: A study on Network Intrusion Detection