| Chinese Abstract |
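As the Internet penetrates deeply into all kinds of applications, information security issues are receiving increasing attention, and how to effectively detect and defend against malicious attacks hidden in network traffic has become one of the important research topics in the field of network security. As a key technology in defense architectures, the Intrusion Detection System (IDS) can analyze and judge anomalous behavior through Machine Learning (ML) methods, thereby improving the accuracy and timeliness of threat detection. Retaining and removing features while improving accuracy is the focus of this study. This study therefore adopts hybrid feature selection, combining the filter method and the wrapper method of feature selection to improve the accuracy obtained after the filter method rapidly eliminates features and to remedy the low efficiency of the wrapper method in screening feature subsets, and uses the XGBoost classifier as the model for detecting network attack behavior. According to the experimental results, on the UNSW-NB15 dataset, hybrid feature selection gives the best accuracy and prediction time compared with using a single feature selection method. In the results for real-time prediction of attack behavior, each classifier spends the least time on prediction compared with the other feature selection methods, effectively reducing the time the model needs to predict attack behavior. |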
| English Abstract |
The increasing depth and prevalence of Internet use have heightened information security risks. The detection and prevention of malicious attacks hidden in network traffic has become a critical research topic in cybersecurity. Intrusion detection systems are a key aspect of defense architectures, and many leverage machine learning to detect anomalous behavior, and thus potential threats, in an accurate and timely manner. In this study, we investigate the effects of feature retention and elimination on detection accuracy. A hybrid feature selection method is proposed in which filter and wrapper approaches are combined to optimize both efficiency and performance. Specifically, the filter method is used to rapidly eliminate irrelevant features, improving overall accuracy, whereas the wrapper method is used to effectively handle the inherently inefficient process of feature selection. The XGBoost classifier is also integrated into the proposed model as the core mechanism for detecting network intrusion behaviors. The proposed method was evaluated on the UNSW-NB15 dataset and outperformed individual feature selection methods in both accuracy and prediction time. In real-time attack prediction scenarios, the classifiers using the hybrid feature selection method consistently achieved the shortest prediction time among all methods, effectively reducing latency in the detection of malicious activities. |