Joint Rough Set Theory and XGBoost-Based Learning for Network Intrusion Detection System

Recent advances in computing, storage, embedded systems, wireless communication, and networking technologies have led to the Internet of Things (IoT) where smart things/devices are connected to the Internet and generate big data. These massive number of connectivity in IoT and big data flow has led to an expansion of the attack surfaces for cyber adversaries. Recently, there have been significant research for developing network intrusion detection systems (NIDSs) to detect malicious activities by using deep learning. However, the effectiveness of deep learning is limited in network security due to the significant role of the heterogeneous structured datasets that are primarily organized in a tabular format, representing a challenge for deep learning models without such structured datasets. Next, imbalanced data further hinders deep learning models' ability to learn malicious behavior, impeding accurate intrusion detection. Furthermore, recent research has indicated that learning without domain knowledge can lead to overfitting and poor performance on independent datasets. To address these aforementioned challenges, we leveraged the gradient boosting machines (GBMs) named XGBoost combined with rough set theory. For performance evaluation and effectiveness of our proposed approach, we present experimental results using various datasets from different network environments and the results have demonstrated that the proposed approach significantly outperforms the state-of-the-art NIDSs (where accuracy, precision, F1-score, and recall are higher by about 7%, 3%, 8%, and 2%, respectively, compared to other related approaches).