CHAMELEON: Optimized feature selection using particle swarm optimization and ensemble methods for network anomaly detection

In this paper, we propose an optimization approach by leveraging swarm intelligence and ensemble methods to solve the non-deterministic feature selection problem. The proposed approach is validated on two benchmark datasets, namely, NSL-KDD and UNSW-NB15, in addition to a third dataset, called IoT-Zeek dataset, which consists of Zeek network-based intrusion detection connection logs. We build the IoT-Zeek dataset by employing ensemble classification and deep learning models using publicly available malicious and benign threat intelligence on the Zeek connection logs of IoT devices. Moreover, we deploy and validate a deep learning-based anomaly detection model using autoencoders on each of the aforementioned datasets by utilizing the selected features obtained from the proposed optimization approach. The obtained results demonstrate that our approach outperform the existing state-of-the-art machine learning models in terms of f(1) score results, with 92.092% f(1) score on NSL-KDD dataset, 92.904 f(1) score on UNSW-NB15 dataset, and 97.302 f(1) score on IoT-Zeek dataset. (C) 2022 Elsevier Ltd. All rights reserved.