Advancing Intrusion Detection Efficiency: A ’Less is More’ Approach via Feature Selection

Abstract Cybersecurity relies heavily on effective intrusion detection, a task that may fall short when utilizing unprocessed data in machine learning models. In an endeavor to improve detection rates, our research embraced a ‘Less is More’ strategy. By employing Random Forest feature selection, the in- terpacket arrival time (IAT) surfaced as the key determinant, in a real-time dataset encompassing 33 attacks in an IoT environment consisting of 105 devices. Concentrating on this singular feature and reducing the data’s di- mensions (thus drastically minimizing training and prediction time), our best model yielded an F1 score of 90.46%, outperforming prior results by nearly 19%. Additionally, a trial using the most important 25 features yielded an F1 score of 84.26%. While this was not as successful, it may yield better results when experimenting with different datasets. We also measured training time and prediction time per entry for all models and stated that lower dimension- ality in data leads to drastically lower training and prediction times. Though the IAT-centered method showed considerable promise, its universal applica- bility may be limited. Our findings illuminate the substantial potential of this method in intrusion detection, emphasizing the crucial role that feature se- lection can play in enhancing accuracy, with effects that could be far-reaching across various real-world scenarios and scholarly pursuits. The limitation of this research lies in the potential inability to apply the one-feature approach universally. Moving forward, investigations may pivot towards assessing the ’Less is More’ strategy’s adaptability across diverse datasets, fine-tuning the approach to harmonize efficacy and applicability. This investigation not only underscores the potential of feature selection in intrusion detection but also manifests a breakthrough in efficiency, achieving a remarkable improvement over previous methods. By employing a focused approach, our research has catalyzed an advancement in the field. The substantial enhancement in detec- tion efficiency validates this approach, positioning it as a viable and effective solution for those seeking to strengthen and streamline intrusion detection systems.