A Hybrid Approach for Many-Objective Feature Selection in Intrusion Detection on Windows Operating Systems

The exponential increase in devices connected to the Internet has rendered them vulnerable to various types of cyberattacks, disrupting their proper functioning. As a result, it is crucial to have reliable Intrusion Detection Systems (IDS) that can identify malicious activities on the network. However, the unpredictable nature of network behavior and the large volume of data to be audited pose significant challenges. This work aims to address these challenges by eliminating redundant data features, identifying a subset of relevant and representative features that enhance the anomaly detection performance of an IDS using many-objective optimization algorithms. In this work, we have analyzed the recent TON IoT dataset, which collects monitoring data on devices using Windows and Linux operating systems. The NSGA-II, NSGA-III, RVEA, and MOEA/D were used as many-objective feature selection algorithms. Our computational simulations identified good subsets of features that showed better classification performance and accuracy in comparison to the complete set of features. Notably, the results obtained using the NSGA-II stood out from the others.