Intrusion detection system model: a white-box decision tree with feature selection optimization

W. K. Wong*, Filbert H. Juwono, Sivaraman Eswaran, Foad Motelebi

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

Intrusion detection has been an active development area due to its importance in highly digitally connected ecosystems. Most of the existing developments have focused on the use of complex machine learning models that are black-box in nature. There is an urgent need to investigate a more transparent model approach for determining the features associated with intrusion detection. In this paper, a feature selection approach is proposed for a decision tree (DT)-based classifier. In particular, a stochastic optimization technique based on differential evolution (DE) is used to create the DT for optimizing feature selection. The contribution of this paper is twofold. First, a white-box machine learning model using DT is implemented. Second, an optimal feature reduction approach is embedded in the process of building the DT. The results demonstrate an improvement over the non-feature selection approach and the black-box neural network and are comparable to other state-of-the-art models. This shows that it is possible to achieve high performance despite using a minimal transparent model by eliminating non-contributing features. This is the essence of Occam’s razor principle, which states that a more condensed model contributes to better generalization. There is an evident improvement in the generalization of the DT model after optimization of features. Although the DT is often regarded as a weaker machine learning model, it shows comparable results on independent datasets, indicating its suitability for such a task. It is worth mentioning that the final model only utilizes a fraction of the full feature set. Although the generalization performance improved by less than 1% in comparison with the non-feature selection counterpart, the proposed approach suggests that a condensed model yielding similar performance should be considered.

Original language: English
Journal: Neural Computing and Applications
Publication status: Accepted/In press - 2025

Keywords

  • Decision tree
  • Differential evolution
  • Feature selection
  • Intrusion detection
  • White-box model
