Feature Drift Aware for Intrusion Detection System Using Developed Variable Length Particle Swarm Optimization in Data Stream

Intrusion Detection Systems (IDS) serve as critical components in safeguarding network security by detecting malicious activities. Although IDS has recently been treated primarily through the lens of machine learning, challenges persist, particularly with high-dimensional data and feature drift. Feature drift pertains to the dynamic nature of feature significance, which can fluctuate over time, complicating the task of stable and effective intrusion detection. The existing Genetic Programming (GP)-combiner based ensemble classifier framework demonstrates notable efficiency in online intrusion detection, especially in accommodating concept drift. However, it does not adequately address the specific type of concept drift known as feature drift. To rectify this gap, this article proposes a refined version of GP-combiner, named Dynamic Feature Aware GP Ensemble (DFA-GPE). This advanced framework incorporates an improved variant of Variable Length Multi-Objective Particle Swarm Optimization (VLMO-PSO) to dynamically manage feature drift. The proposed VLMO-PSO employs a smart population initialization strategy based on Bernoulli distribution and symmetric uncertainty. It also utilizes a unique set of transfer functions that map the mobility equation outcomes to the decision space. To further optimize the process, the framework introduces a novel exemplar selection method, striking a balance between exploration and exploitation. DFA-GPE’s final feature selection decisions are informed by statistical analyses of feature weights, effectively addressing the challenge of dynamic feature selection as a multi-objective optimization problem that simultaneously enhances accuracy and conserves memory. Comprehensive evaluation of DFA-GPE on two benchmark datasets, namely HIKARI 2021 and TON_IoT 2020, reveals its robust performance across all metrics. From experiment results, our framework attains 99.09% and 92.64% accuracy on both datasets, respectively, while simultaneously reducing memory consumption. Hence, DFA-GPE emerges as a comprehensive framework adept at tackling the most pertinent issues related to stream data classification within IDS, notably outperforming existing methodologies.