Дослідження залежності якості ПЗ для виявлення вторгнень від методів вибору ознак у моделях машинного навчання

I.Ya. Savka; М.S. Dutchak; O.T. Koval

doi:10.15330/itee.2025.3.04

Authors

I.Ya. Savka Vasyl Stefanyk Carpathian National University https://orcid.org/0000-0002-3442-5547
М.S. Dutchak Vasyl Stefanyk Carpathian National University https://orcid.org/0000-0002-3337-5613
O.T. Koval Vasyl Stefanyk Carpathian National University

DOI:

https://doi.org/10.15330/itee.2025.3.04

Keywords:

intrusion detection systems, feature selection, machine learning, ISO/IEC, quality indicator, performance, scalability, reliability, functional suitability, software metrics, integrated quality index

Abstract

The rapid increase in the complexity of cyberattacks and the growing volume of network traffic impose higher requirements on intrusion detection systems (IDS) in terms of detection accuracy, performance, and scalability. Machine learning methods play a key role in the development of modern IDS, and their effectiveness largely depends on the quality of feature selection. However, most existing studies focus on improving individual classification metrics, while the comprehensive evaluation of IDS software quality index, including resource costs associated with feature selection such as training time, inference speed, and scalability, remains insufficiently addressed.

This paper analyzes the role of machine learning and feature selection methods in intrusion detection tasks and considers the requirements of the ISO/IEC 25010 standard for software quality. Based on this, a system of quality indicators for intrusion detection systems is developed, and an integrated quality index is proposed that combines both functional and non-functional characteristics of the model.

A software tool was developed to automate the full cycle of experiments comparing different feature selection methods and machine learning models based on open network traffic datasets, with subsequent calculation of the integral quality indicator and visualization of the results.

The results demonstrate that the choice of feature selection method and the reduction of the feature space have a significant impact on the performance and scalability of intrusion detection systems, emphasizing the importance of considering this factor in a comprehensive evaluation of the modern IDS quality index.

References

A. Khraisat, I. Gondal, P. Vamplew, and J. Kamruzzaman, “Survey of intrusion detection systems: techniques, datasets and challenges,” Cybersecurity, vol. 2, no. 1, Jul. 2019. doi: https://doi.org/10.1186/s42400-019-0038-7.

S. Maza and M. Touahria, “Feature Selection Algorithms in Intrusion Detection System: A Survey,” KSII Transactions on Internet and Information Systems, vol. 12, no. 10, Oct. 2018. doi: https://doi.org/10.3837/tiis.2018.10.024.

N. Pudjihartono, T. Fadason, A. W. Kempa-Liehr, and J. M. O'Sullivan, “A Review of Feature Selection Methods for Machine Learning-Based Disease Risk Prediction,” Frontiers in Bioinformatics, vol. 2, Jun. 2022. doi: https://doi.org/10.3389/fbinf.2022.927312.

H. Abubaker, F. Muchtar, A. R. Khairuddin, A. N. A. Nuar, Z. M. Yunos, and C. Salimun, “Exploring Important Factors in Predicting Heart Disease Based on Ensemble- Extra Feature Selection Approach,” Baghdad Science Journal, vol. 21, no. 2(SI), p. 0812, Feb. 2024. doi: https://doi.org/10.21123/bsj.2024.9711.

S. M. Kasongo and Y. Sun, “Performance Analysis of Intrusion Detection Systems Using a Feature Selection Method on the UNSW-NB15 Dataset,” Journal of Big Data, vol. 7, no. 1, Nov. 2020. doi: https://doi.org/10.1186/s40537-020-00379-6.

H. Zouhri, A. Idri, and A. Ratnani, “Evaluating the impact of filter-based feature selection in intrusion detection systems,” International Journal of Information Security, vol. 23, pp. 759–785. Oct. 2023. doi: https://doi.org/10.1007/s10207-023-00767-y.

B. Reis, E. Maia, and I. Praça, “Selection and Performance Analysis of CICIDS2017 Features Importance,” in Foundations and Practice of Security. Cham: Springer Int. Publishing, 2020, pp. 56–71. doi: https://doi.org/10.1007/978-3-030-45371-8_4.

Y. Yin et al., “IGRF-RFE: a hybrid feature selection method for MLP-based network intrusion detection on UNSW-NB15 dataset,” Journal of Big Data, vol. 10, no. 1, Feb. 2023. doi: https://doi.org/10.1186/s40537-023-00694-8.

Canadian Institute for Cybersecurity, Intrusion Detection Evaluation Dataset (CICIDS2017), University of New Brunswick, 2018. [Online]. URL: https://www.unb.ca/cic/datasets/ids-2017.html (accessed: Sep. 25, 2025).

ДСТУ ISO/IEC 25010:2016. Інженерія систем і програмних засобів. Вимоги до якості систем і програмних засобів та її оцінювання (SQuaRE). Моделі якості системи та програмних засобів, 2016.