Evaluation of Anomaly-Based Intrusion Detection with Combined Imbalance Correction and Feature Selection

Andreas Heidelbach Engly, Anton Ruby Larsen, Weizhi Meng

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review


Intrusion detection systems (IDSs) are an important security mechanism to protect computing resources under various environments. To detect malicious unknown events, machine learning is often used to support anomaly-based detection. However, such kind of detection often requires high quality data to ensure accuracy, which may face several issues like imbalanced data and ineffective features. In this work, we aim to evaluate a combined approach of both imbalance correction and feature selection, and explore how much it can mitigate the issues. As a study, we generate several feature-selected and imbalance-corrected datasets based on NSL-KDD data and conduct experiments on Random Forests, Neural Networks and Gradient-Boosting Machines. The results indicate that the combined approach can significantly improve the detection performance on the refined data as compared to being trained on the original data, by 10% in overall accuracy and 24% in overall F1-score.
Original languageEnglish
Title of host publicationNetwork and System Security
Publication date2020
ISBN (Print)978-3-030-65744-4
Publication statusPublished - 2020
Event14th International Conference on Network and System Security - Virtual event, Melbourne, Australia
Duration: 25 Nov 202027 Nov 2020


Conference14th International Conference on Network and System Security
LocationVirtual event
Internet address
SeriesLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)


  • Intrusion detection
  • Feature selection
  • Imbalanced data
  • Machine learning
  • Anomaly detection


Dive into the research topics of 'Evaluation of Anomaly-Based Intrusion Detection with Combined Imbalance Correction and Feature Selection'. Together they form a unique fingerprint.

Cite this