Enhancing IoT security: A comparative study of feature reduction techniques for intrusion detection system

• Published in: Intelligent systems with applications Vol. 23; p. 200407
• Main Authors: Li, Jing, Chen, Hewan, Shahizan, Mohd Othman, Yusuf, Lizawati Mi
• Format: Journal Article
• Language: English
• Published: Elsevier Ltd 01.09.2024; Elsevier
• Subjects: Attack classification; Feature reduction; Internet of things; Intrusion detection; Machine learning; Attack classification; Internet of things; Intrusion detection; Feature reduction; Machine learning
• ISSN: 2667-3053; 2667-3053
• DOI: 10.1016/j.iswa.2024.200407

Dimensionality reduction is vital to machine learning-based network intrusion detection systems, particularly for IoT networks, which are sensitive to computational resources. Two directions are mostly used: feature selection and feature extraction. Thus, this paper conducted a comparative evaluation of these two methods with the following key contributions:•A comprehensive performance evaluation between feature selection and feature extraction, involving performance metrics and run-time using the IoT data set, is conducted and evaluated.•The 3-phase machine learning pipeline framework, involving data preprocessing, feature reduction, and classification with multiple machine learning classifiers, is created for performance evaluation.•The NIDS for IoT is tested using public IoT datasets, named Network TON-IoT, to build models and compare performance between two feature reduction methods. Internet of Things (IoT) devices are extensively utilized but are susceptible to cyberattacks, posing significant security challenges. To mitigate these threats, machine learning techniques have been implemented for network intrusion detection in IoT environments. These techniques commonly employ various feature reduction methods, prior to inputting data into models, in order to enhance the efficiency of detection processes to meet real-time requirements. This study provides a comprehensive comparison of feature selection (FS) and feature extraction (FE) techniques for network intrusion detection systems (NIDS) in IoT environments, utilizing the TON-IoT and BoT-IoT datasets for both binary and multi-class classification tasks. We evaluated FS methods, including Pearson correlation and Chi-square, and FE methods, such as Principal Component Analysis (PCA) and Autoencoders (AE), across five classic machine learning models: Decision Tree (DT), Random Forest (RF), Naive Bayes (NB), k-Nearest Neighbors (kNN), and Multi-Layer Perceptron (MLP). Our analysis revealed that FE techniques generally achieve higher accuracy and robustness compared to FS methods, with RF paired with AE delivering superior performance despite higher computational demands. DTs are most effective with smaller feature sets, while MLPs excel with larger sets. Chi-square is identified as the most efficient FS method, balancing performance and computational efficiency, whereas PCA outperforms AE in runtime efficiency. The study also highlights that FE methods are more effective for complex datasets and less sensitive to feature set size, whereas FS methods show significant performance improvements with more informative features. Despite the higher computational costs of FE methods, they demonstrate a greater capability to detect diverse attack types, making them particularly suitable for complex IoT environments. These findings are crucial for both academic research and industry applications, providing insights into optimizing detection performance and computational efficiency in NIDS for IoT networks.