Abstract

Intrusion Detection Systems (IDSs) remain essential for securing modern network infrastructures, where traffic data are often high-dimensional and contain redundant or weakly informative attributes. This study proposes a hybrid feature selection approach that combines Information Gain with L1-regularized selection to construct a compact and informative representation of the UNSW-NB15 dataset. The method applies relevance-based filtering followed by sparsity-driven refinement within a leakage-aware pipeline, in which preprocessing and feature selection are derived exclusively from the training data. Under a reduced six-class configuration, the proposed approach reduces 42 candidate predictors to 21 traffic-related features. Across multiple classifiers, Random Forest + IGL1 achieved the best performance, with an accuracy of 0.8432 and an F1-score of 0.8376, while MLP and Gradient Boosting also remained competitive. These findings indicate that the selected features preserve consistent discriminative patterns rather than favoring a single classifier. Overall, the study highlights the importance of leakage-aware evaluation for producing reliable, reproducible intrusion detection results. Future work will extend the analysis to the full multi-class setting and examine applicability in real-time or streaming environments.

IPC Classification

Keywords