Data volumes used to train machine learning models for cyber security systems are often measured in gigabytes and contain dozens of features that can take hundreds of thousands of values. Also, the data is constantly updated and replenished during the operation of the systems. The increase in data volume leads to certain problems, including increased model training and testing time, the curse of dimensionality, small sample sizes, noisy or redundant features, and biased data. Feature selection is fundamental to solving such kinds of problems. The purpose of this article is to study the impact of feature selection methods on the quality of cyberattack classification by machine learning models in order to determine the most effective approaches to form a features set. The article provides a brief description and studies the effectiveness of using well-known feature selection methods such as: the correlation method, the method based on the χ² statistical criterion, the ANOVA statistical method, the method based on mutual information calculation, the ReliefF method, the method based on a genetic algorithm, and the recursive feature selection method. The effectiveness of feature selection methods was evaluated in combination with various machine learning methods according to criteria such as Recall, Precision, Accuracy, and F2-score. In addition, the article provides graphs showing the dependence of the missed attacks number and false positives on the number of features for each method. Experimental studies were conducted using Python and the scikit-learn library. They showed that the feature selection methods' usage improves the machine learning models performance and reduces the time required for their training. The effectiveness of each method depends on the data amount to be processed, the machine learning methods with which certain feature selection methods are used, and time and computational constraints. Using the χ² algorithm, ANOVA methods, and Mutual Information Filter in a model based on random forest allows for better results than Genetic Algorithm and Recursive feature elimination. However, the latter, in combination with the k-Nearest Neighbours method, are the most effective of all the combinations of feature selection methods and machine learning methods studied in terms of the number of detected attacks and false positives.
О. Zaluzhnyi (Wed,) studied this question.