{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T16:00:11Z","timestamp":1780675211787,"version":"3.54.1"},"reference-count":49,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2022,11,13]],"date-time":"2022-11-13T00:00:00Z","timestamp":1668297600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["BDCC"],"abstract":"<jats:p>As a system capable of monitoring and evaluating illegitimate network access, an intrusion detection system (IDS) profoundly impacts information security research. Since machine learning techniques constitute the backbone of IDS, it has been challenging to develop an accurate detection mechanism. This study aims to enhance the detection performance of IDS by using a particle swarm optimization (PSO)-driven feature selection approach and hybrid ensemble. Specifically, the final feature subsets derived from different IDS datasets, i.e., NSL-KDD, UNSW-NB15, and CICIDS-2017, are trained using a hybrid ensemble, comprising two well-known ensemble learners, i.e., gradient boosting machine (GBM) and bootstrap aggregation (bagging). Instead of training GBM with individual ensemble learning, we train GBM on a subsample of each intrusion dataset and combine the final class prediction using majority voting. Our proposed scheme led to pivotal refinements over existing baselines, such as TSE-IDS, voting ensembles, weighted majority voting, and other individual ensemble-based IDS such as LightGBM.<\/jats:p>","DOI":"10.3390\/bdcc6040137","type":"journal-article","created":{"date-parts":[[2022,11,14]],"date-time":"2022-11-14T02:26:37Z","timestamp":1668392797000},"page":"137","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["PSO-Driven Feature Selection and Hybrid Ensemble for Network Anomaly Detection"],"prefix":"10.3390","volume":"6","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8274-0990","authenticated-orcid":false,"given":"Maya Hilda Lestari","family":"Louk","sequence":"first","affiliation":[{"name":"Department of Informatics Engineering, University of Surabaya, Surabaya 60293, Indonesia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1821-6438","authenticated-orcid":false,"given":"Bayu Adhi","family":"Tama","sequence":"additional","affiliation":[{"name":"Department of Information Systems, University of Maryland, Baltimore County (UMBC), Baltimore, MD 21250, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2022,11,13]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Ghorbani, A.A., Lu, W., and Tavallaee, M. (2009). Network Intrusion Detection and Prevention: Concepts and Techniques, Springer Science & Business Media.","DOI":"10.1007\/978-0-387-88771-5"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Bhattacharyya, D.K., and Kalita, J.K. (2013). Network Anomaly Detection: A Machine Learning Perspective, CRC Press.","DOI":"10.1201\/b15088"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"3211","DOI":"10.1007\/s11831-020-09496-0","article-title":"A review on machine learning and deep learning perspectives of IDS for IoT: Recent updates, security issues, and challenges","volume":"28","author":"Thakkar","year":"2021","journal-title":"Arch. Comput. Methods Eng."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Rokach, L. (2010). Pattern Classification Using Ensemble Methods, World Scientific.","DOI":"10.1142\/9789814271073"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"100357","DOI":"10.1016\/j.cosrev.2020.100357","article-title":"Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation","volume":"39","author":"Tama","year":"2021","journal-title":"Comput. Sci. Rev."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"1729","DOI":"10.1587\/transinf.2016ICP0018","article-title":"HFSTE: Hybrid Feature Selections and Tree-Based Classifiers Ensemble for Intrusion Detection System","volume":"100D","author":"Tama","year":"2017","journal-title":"IEICE Trans. Inf. Syst."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"94497","DOI":"10.1109\/ACCESS.2019.2928048","article-title":"TSE-IDS: A two-stage classifier ensemble for intelligent anomaly-based intrusion detection system","volume":"7","author":"Tama","year":"2019","journal-title":"IEEE Access"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"1189","DOI":"10.1214\/aos\/1013203451","article-title":"Greedy function approximation: A gradient boosting machine","volume":"29","author":"Friedman","year":"2001","journal-title":"Ann. Stat."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1007\/BF00058655","article-title":"Bagging predictors","volume":"24","author":"Breiman","year":"1996","journal-title":"Mach. Learn."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1186\/s42400-019-0038-7","article-title":"Survey of intrusion detection systems: Techniques, datasets and challenges","volume":"2","author":"Khraisat","year":"2019","journal-title":"Cybersecurity"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3178582","article-title":"A Survey of Random Forest Based Methods for Intrusion Detection Systems","volume":"51","author":"Resende","year":"2018","journal-title":"ACM Comput. Surv."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"135","DOI":"10.1016\/j.cose.2016.11.004","article-title":"A survey of intrusion detection systems based on ensemble and hybrid classifiers","volume":"65","author":"Aburomman","year":"2017","journal-title":"Comput. Secur."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"453","DOI":"10.1007\/s10462-021-10037-9","article-title":"A survey on intrusion detection system: Feature selection, model, performance measures, application perspective, challenges, and future research directions","volume":"55","author":"Thakkar","year":"2022","journal-title":"Artif. Intell. Rev."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"8774","DOI":"10.1109\/JIOT.2020.3048439","article-title":"Application domains, evaluation data sets, and research challenges of IoT: A Systematic Review","volume":"8","author":"Lohiya","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"636","DOI":"10.1016\/j.procs.2020.03.330","article-title":"A review of the advancement in intrusion detection datasets","volume":"167","author":"Thakkar","year":"2020","journal-title":"Procedia Comput. Sci."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"e4524","DOI":"10.1002\/dac.4524","article-title":"Security anomaly detection in software-defined networking based on a prediction technique","volume":"33","author":"Jafarian","year":"2020","journal-title":"Int. J. Commun. Syst."},{"key":"ref_17","first-page":"102601","article-title":"A comparison of two hybrid ensemble techniques for network anomaly detection in spark distributed environment","volume":"55","author":"Kaur","year":"2020","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"138451","DOI":"10.1109\/ACCESS.2021.3116219","article-title":"A novel ensemble framework for an intelligent intrusion detection system","volume":"9","author":"Seth","year":"2021","journal-title":"IEEE Access"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"102448","DOI":"10.1016\/j.cose.2021.102448","article-title":"An effective genetic algorithm-based feature selection method for intrusion detection systems","volume":"110","author":"Halim","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"102164","DOI":"10.1016\/j.cose.2020.102164","article-title":"A novel combinatorial optimization based feature selection method for network intrusion detection","volume":"102","author":"Nazir","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"2099","DOI":"10.1007\/s10586-021-03249-9","article-title":"Distributed anomaly detection using concept drift detection based hybrid ensemble techniques in streamed network data","volume":"24","author":"Jain","year":"2021","journal-title":"Clust. Comput."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"1761","DOI":"10.1007\/s10586-020-03222-y","article-title":"Efficient feature selection and classification through ensemble method for network intrusion detection on cloud computing","volume":"24","author":"Krishnaveni","year":"2021","journal-title":"Clust. Comput."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"102289","DOI":"10.1016\/j.cose.2021.102289","article-title":"A fast network intrusion detection system using adaptive synthetic oversampling and LightGBM","volume":"106","author":"Liu","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"102435","DOI":"10.1016\/j.cose.2021.102435","article-title":"STL-HDL: A new hybrid network intrusion detection system for imbalanced dataset on big data environment","volume":"110","author":"Al","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"10935","DOI":"10.1007\/s00500-021-05809-y","article-title":"A two-stage intrusion detection approach for software-defined IoT networks","volume":"25","author":"Tian","year":"2021","journal-title":"Soft Comput."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"130","DOI":"10.1016\/j.future.2021.03.024","article-title":"Multi-dimensional feature fusion and stacking ensemble mechanism for network intrusion detection","volume":"122","author":"Zhang","year":"2021","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"102499","DOI":"10.1016\/j.cose.2021.102499","article-title":"CSE-IDS: Using cost-sensitive deep learning and ensemble algorithms to handle class imbalance in network-based intrusion detection systems","volume":"112","author":"Gupta","year":"2022","journal-title":"Comput. Secur."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"e6838","DOI":"10.1002\/cpe.6838","article-title":"Network intrusion detection based on ensemble classification and feature selection method for cloud computing","volume":"34","author":"Krishnaveni","year":"2022","journal-title":"Concurr. Comput. Pract. Exp."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"9768","DOI":"10.1007\/s10489-021-02968-1","article-title":"A tree-based stacking ensemble technique with feature selection for network intrusion detection","volume":"52","author":"Rashid","year":"2022","journal-title":"Appl. Intell."},{"key":"ref_30","first-page":"2693948","article-title":"EFS-DNN: An Ensemble Feature Selection-Based Deep Learning Approach to Network Intrusion Detection System","volume":"2022","author":"Wang","year":"2022","journal-title":"Secur. Commun. Netw."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"241","DOI":"10.1016\/S0893-6080(05)80023-1","article-title":"Stacked generalization","volume":"5","author":"Wolpert","year":"1992","journal-title":"Neural Netw."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"271","DOI":"10.1613\/jair.594","article-title":"Issues in stacked generalization","volume":"10","author":"Ting","year":"1999","journal-title":"J. Artif. Intell. Res."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"164","DOI":"10.1108\/03684921311295547","article-title":"Boosting: Foundations and algorithms","volume":"42","author":"Schapire","year":"2013","journal-title":"Kybernetes"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"353","DOI":"10.1016\/j.inffus.2022.09.026","article-title":"Fusion of statistical importance for feature selection in Deep Neural Network-based Intrusion Detection System","volume":"90","author":"Thakkar","year":"2022","journal-title":"Inf. Fusion"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"1249","DOI":"10.1007\/s12652-020-02167-9","article-title":"Attack classification using feature selection techniques: A comparative study","volume":"12","author":"Thakkar","year":"2021","journal-title":"J. Ambient Intell. Humaniz. Comput."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"100631","DOI":"10.1016\/j.swevo.2019.100631","article-title":"Role of swarm and evolutionary algorithms for intrusion detection system: A survey","volume":"53","author":"Thakkar","year":"2020","journal-title":"Swarm Evol. Comput."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Tavallaee, M., Bagheri, E., Lu, W., and Ghorbani, A.A. (2009, January 8\u201310). A detailed analysis of the KDD CUP 99 data set. Proceedings of the 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, Ottawa, ON, Canada.","DOI":"10.1109\/CISDA.2009.5356528"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Moustafa, N., and Slay, J. (2015, January 10\u201312). UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). Proceedings of the 2015 Military Communications and Information Systems Conference (MilCIS), Canberra, Australia.","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"ref_39","first-page":"108","article-title":"Toward generating a new intrusion detection dataset and intrusion traffic characterization","volume":"1","author":"Sharafaldin","year":"2018","journal-title":"ICISSp"},{"key":"ref_40","unstructured":"Hall, M.A. (1999). Correlation-Based Feature Selection for Machine Learning. [Ph.D. Thesis, The University of Waikato]."},{"key":"ref_41","unstructured":"Kennedy, J., and Eberhart, R.C. (1997, January 12\u201315). A discrete binary version of the particle swarm algorithm. Proceedings of the 1997 IEEE International Conference on Systems, Man, and Cybernetics, Computational Cybernetics and Simulation, Orlando, FL, USA."},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Brodersen, K.H., Ong, C.S., Stephan, K.E., and Buhmann, J.M. (2010, January 23\u201326). The balanced accuracy and its posterior distribution. Proceedings of the 2010 20th International Conference on Pattern Recognition, Istanbul, Turkey.","DOI":"10.1109\/ICPR.2010.764"},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1186\/s13040-021-00244-z","article-title":"The Matthews correlation coefficient (MCC) is more reliable than balanced accuracy, bookmaker informedness, and markedness in two-class confusion matrix evaluation","volume":"14","author":"Chicco","year":"2021","journal-title":"BioData Min."},{"key":"ref_44","first-page":"1","article-title":"Statistical comparisons of classifiers over multiple data sets","volume":"7","year":"2006","journal-title":"J. Mach. Learn. Res."},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"24120","DOI":"10.1109\/ACCESS.2020.2969428","article-title":"An Enhanced Anomaly Detection in Web Traffic Using a Stack of Classifier Ensemble","volume":"8","author":"Tama","year":"2020","journal-title":"IEEE Access"},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1016\/j.neucom.2019.11.016","article-title":"A novel statistical analysis and autoencoder driven intelligent intrusion detection approach","volume":"387","author":"Ieracitano","year":"2020","journal-title":"Neurocomputing"},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"107247","DOI":"10.1016\/j.comnet.2020.107247","article-title":"Building an efficient intrusion detection system based on feature selection and ensemble classifier","volume":"174","author":"Zhou","year":"2020","journal-title":"Comput. Netw."},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"105980","DOI":"10.1016\/j.asoc.2019.105980","article-title":"An efficient feature selection based Bayesian and Rough set approach for intrusion detection","volume":"87","author":"Prasad","year":"2020","journal-title":"Appl. Soft Comput."},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"213","DOI":"10.1016\/j.future.2022.03.007","article-title":"On IoT intrusion detection based on data augmentation for enhancing learning on unbalanced samples","volume":"133","author":"Zhang","year":"2022","journal-title":"Future Gener. Comput. Syst."}],"container-title":["Big Data and Cognitive Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2504-2289\/6\/4\/137\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T01:17:13Z","timestamp":1760145433000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2504-2289\/6\/4\/137"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,13]]},"references-count":49,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2022,12]]}},"alternative-id":["bdcc6040137"],"URL":"https:\/\/doi.org\/10.3390\/bdcc6040137","relation":{},"ISSN":["2504-2289"],"issn-type":[{"value":"2504-2289","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,11,13]]}}}