Evolutionary wrapper algorithm for attack detection

Abstract

This thesis presents a new evolutionary algorithm developed for selecting important features in cybersecurity, particularly for identifying and categorizing cyberattacks using decision tree-based models. It tackles common problems in intrusion detection systems (IDS) such as unbalanced data, unnecessary features, and the shortcomings of current methods, aiming to make classification models more efficient and effective. The algorithm is specifically designed for cybersecurity data, and it successfully reduces the number of features needed while also improving the quality of the classification. A key aspect of this research is the introduction of a new component in the algorithm that focuses on the most informative features, using insights from random forest classifiers. This results in models that are more capable of dealing with a wide range of complex cybersecurity threats. The algorithm excels in managing large amounts of data and exploring multiple solutions simultaneously. It can create various optimal models tailored to different IDS needs. Tests using standard datasets like NSL-KDD and CICIDS2017 show that the algorithm is versatile and effective in various data scenarios. The thesis concludes with ideas for future work, highlighting the potential of this evolutionary algorithm for wider use in cybersecurity. This includes adapting it to new threats and combining it with automated incident response systems. Overall, this research greatly contributes to both the theory and practice of selecting features for attack detection and classification, and it offers new opportunities for improving IDS in a constantly changing digital environment.