Comprehensive Evaluation of Hybrid and XAI-Based Feature Selection for Intrusion Detection: A Smart City Perspective

Felipe N. Dresch; Felipe H. Scherer; Matheus M. Ciocca; Vagner E. Quincozes; Silvio E. Quincozes; Diego Kreutz

doi:10.5753/jbcs.2026.5664

Authors

Felipe N. Dresch Federal University of Pampa https://orcid.org/0009-0003-9700-2909
Felipe H. Scherer Federal University of Pampa https://orcid.org/0009-0000-3093-7142
Matheus M. Ciocca Federal University of Pampa https://orcid.org/0009-0001-5478-4985
Vagner E. Quincozes Fluminense Federal University https://orcid.org/0000-0002-6688-5572
Silvio E. Quincozes Federal University of Pampa, Federal University of Uberlândia https://orcid.org/0000-0001-6793-4033
Diego Kreutz Federal University of Pampa https://orcid.org/0000-0003-0830-0238

DOI:

https://doi.org/10.5753/jbcs.2026.5664

Keywords:

Metaheuristics, Intrusion Detection System, Feature Selection, Explainable Artificial Intelligence (XAI)

Abstract

The expanding connectivity within smart cities has dramatically increased the attack surface, posing significant challenges for Intrusion Detection Systems (IDSs). A critical aspect of effective IDSs is the selection of relevant features to accurately identify potential attackers. Traditional feature selection methods, including filter-based (fast but potentially less accurate), wrapper-based (accurate but computationally intensive), and embedded (classifier-dependent) approaches, each present inherent limitations. Recent advancements propose alternative strategies, such as using Explainable Artificial Intelligence (XAI) algorithms to enhance filtering techniques, hybridizing filter and wrapper methods, and combining these strategies to optimize performance. However, a systematic evaluation of these novel feature selection methods within the context of diverse smart city environments remains largely unexplored. This work presents a comprehensive assessment of feature selection techniques for IDSs in multiple Smart City domains, including healthcare and transportation. Our analysis focuses on evaluating the trade-offs between classification performance and feature reduction achieved by hybrid (IWSHAP), metaheuristics (GRASPQ-FS) and XAI-based approaches (SHAP Ranking). The experimental results indicate that XAI-based methods achieve a favorable trade-off between dimensionality reduction and predictive performance, consistently preserving high F1-Scores (often exceeding 90%) while simultaneously reducing the feature set by substantial margins (e.g., over 90%). Although metaheuristic approaches can achieve superior feature reduction, they often require meticulous tuning to prevent performance degradation. This study underscores the potential of XAI-driven feature selection to enhance IDSs' effectiveness within complex Smart City ecosystems.

Downloads

Download data is not yet available.

References

Abbas, T., Khan, A. H., Kanwal, K., Daud, A., Irfan, M., Bukhari, A., and Alharbey, R. (2024). IoMT-Based Healthcare Systems: A Review. Computer Systems Science & Engineering, 48(4). DOI: 10.32604/csse.2024.049026.

Ahmad, Z., Shahid Khan, A., Wai Shiang, C., Abdullah, J., and Ahmad, F. (2021). Network intrusion detection system: A systematic study of machine learning and deep learning approaches. Transactions on Emerging Telecommunications Technologies, 32(1):e4150. DOI: 10.1002/ett.4150.

Arreche, O., Guntur, T., and Abdallah, M. (2024). Xai-based feature selection for improved network intrusion detection systems. DOI: 10.48550/arxiv.2410.10050.

Ashibani, Y. and Mahmoud, Q. H. (2017). Cyber physical systems security: Analysis, challenges and solutions. Computers & Security, 68:81-97. DOI: 10.1016/j.cose.2017.04.005.

Awajan, A. (2023). A novel deep learning-based intrusion detection system for iot networks. Computers, 12(2). DOI: 10.3390/computers12020034.

Bakro, M., Kumar, R. R., Husain, M., Ashraf, Z., Ali, A., Yaqoob, S. I., Ahmed, M. N., and Parveen, N. (2024). Building a cloud-ids by hybrid bio-inspired feature selection algorithms along with random forest model. IEEE Access, 12:8846-8874. DOI: 10.1109/ACCESS.2024.3353055.

Bataineh, A. S., Zulkernine, M., Abusitta, A., and Halabi, T. (2024). Detecting poisoning attacks in collaborative idss of vehicular networks using xai and shapley value. Journal on Autonomous Transportation Systems, 2(3):1-21. DOI: 10.1145/3696462.

Bermejo, P., Gamez, J. A., and Puerta, J. M. (2009). Incremental wrapper-based subset selection with replacement: An advantageous alternative to sequential forward selection. In 2009 IEEE Symposium on Computational Intelligence and Data Mining, pages 367-374. DOI: 10.1109/CIDM.2009.4938673.

Cao, L., Jiang, X., Zhao, Y., Wang, S., You, D., and Xu, X. (2020). A survey of network attacks on cyber-physical systems. IEEE Access, 8:44219-44227. DOI: 10.1109/ACCESS.2020.2977423.

Chandrashekar, G. and Sahin, F. (2014). A survey on feature selection methods. Computers & Electrical Engineering, 40(1):16-28. 40th-year commemorative issue. DOI: 10.1016/j.compeleceng.2013.11.024.

Chen, T. and Guestrin, C. (2016). Xgboost: A scalable tree boosting system. In Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD '16, page 785–794, New York, NY, USA. Association for Computing Machinery. DOI: 10.1145/2939672.2939785.

Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., and Stoddart, K. (2016). A review of cyber security risk assessment methods for scada systems. Computers & Security, 56:1-27. DOI: 10.1016/j.cose.2015.09.009.

Dadkhah, S., Neto, E. C. P., Ferreira, R., Molokwu, R. C., Sadeghi, S., and Ghorbani, A. A. (2024). Ciciomt2024: A benchmark dataset for multi-protocol security assessment in iomt. Internet of Things, 28:101351. DOI: 10.1016/j.iot.2024.101351.

Demertzi, V., Demertzis, S., and Demertzis, K. (2023). An overview of cyber threats, attacks and countermeasures on the primary domains of smart cities. Applied Sciences, 13(2). DOI: 10.3390/app13020790.

Diaba, S. Y., Shafie-khah, M., and Elmusrati, M. (2024). Cyber-physical attack and the future energy systems: A review. Energy Reports, 12:2914-2932. DOI: 10.1016/j.egyr.2024.08.060.

Din, I. U., Almogren, A., and Rodrigues, J. J. (2024). AIoT Integration in Autonomous Vehicles: Enhancing Road Cooperation and Traffic Management. IEEE Internet of Things Journal. DOI: 10.1109/JIOT.2024.3387927.

Divekar, A., Parekh, M., Savla, V., Mishra, R., and Shirole, M. (2018). Benchmarking datasets for anomaly-based network intrusion detection: KDD CUP 99 alternatives. CoRR, abs/1811.05372. DOI: 10.1109/CCCS.2018.8586840.

Dui, H., Zhang, S., Liu, M., Dong, X., and Bai, G. (2024). IoT-Enabled Real-Time Traffic Monitoring and Control Management for Intelligent Transportation Systems. IEEE Internet of Things Journal, 11(9):15842-15854. DOI: 10.1109/JIOT.2024.3351908.

E. L. Asry, C., Benchaji, I., Douzi, S., and E. L. Ouahidi, B. (2024). A robust intrusion detection system based on a shallow learning model and feature extraction techniques. PLOS ONE, 19(1):1-31. DOI: 10.1371/journal.pone.0295801.

Esseghir, M. A. (2010). Effective wrapper-filter hybridization through grasp schemata. Available at:[link].

Evancich, N. and Li, J. (2016). Attacks on Industrial Control Systems, pages 95-110. Springer International Publishing, Cham. DOI: 10.1007/978-3-319-32125-7_6.

Faliagka, E., Christopoulou, E., Ringas, D., Politi, T., Kostis, N., Leonardos, D., Tranoris, C., Antonopoulos, C. P., Denazis, S., and Voros, N. (2024). Trends in digital twin framework architectures for smart cities: A case study in smart mobility. Sensors, 24(5):1665. DOI: 10.3390/s24051665.

Fang, Y., Yao, Y., Lin, X., Wang, J., and Zhai, H. (2024). A feature selection based on genetic algorithm for intrusion detection of industrial control systems. Computers & Security, 139:103675. DOI: 10.1016/j.cose.2023.103675.

Garcia-Teodoro, P., Diaz-Verdejo, J., Maciá-Fernández, G., and Vázquez, E. (2009). Anomaly-based network intrusion detection: Techniques, systems and challenges. computers & security, 28(1-2):18-28. DOI: 10.1016/j.cose.2008.08.003.

Guryanov, A. (2019). Histogram-based algorithm for building gradient boosting ensembles of piecewise linear decision trees. In van der Aalst, W. M. P., Batagelj, V., Ignatov, D. I., Khachay, M., Kuskova, V., Kutuzov, A., Kuznetsov, S. O., Lomazova, I. A., Loukachevitch, N., Napoli, A., Pardalos, P. M., Pelillo, M., Savchenko, A. V., and Tutubalina, E., editors, Analysis of Images, Social Networks and Texts, pages 39-50, Cham. Springer International Publishing. DOI: 10.1007/978-3-030-37334-4_4.

Guyon, I. and Elisseeff, A. (2003). An introduction to variable and feature selection. J. Mach. Learn. Res., 3(null):1157–1182. DOI: 10.5555/944919.944968.

Habibi Lashkari, A., Kaur, G., and Rahali, A. (2020). Didarknet: A contemporary approach to detect and characterize the darknet traffic using deep image learning. In Proceedings of the 2020 10th International Conference on Communication and Network Security, pages 1-13. DOI: 10.1145/3442520.3442521.

Javeed, D., Gao, T., Saeed, M. S., Kumar, P., Kumar, R., and Jolfaei, A. (2023). A softwarized intrusion detection system for iot-enabled smart healthcare system. ACM Trans. Internet Technol. Just Accepted. DOI: 10.1145/3634748.

Jeong, S., Lee, S., Lee, H., and Kim, H. K. (2024). X-CANIDS: Signal-aware explainable intrusion detection system for controller area network-based in-vehicle network. IEEE Transactions on Vehicular Technology, 73(3):3230-3246. DOI: 10.1109/TVT.2023.3327275.

Kato, T., Fukumoto, N., Sasaki, C., Tagami, A., and Nakao, A. (2024). Challenges of cps/iot network architecture in 6g era. IEEE Access. DOI: 10.1109/ACCESS.2024.3395363.

Kayan, H., Nunes, M., Rana, O., Burnap, P., and Perera, C. (2022). Cybersecurity of industrial cyber-physical systems: A review. ACM Comput. Surv., 54(11s). DOI: 10.1145/3510410.

Ke, G., Meng, Q., Finley, T., Wang, T., Chen, W., Ma, W., Ye, Q., and Liu, T.-Y. (2017). Lightgbm: a highly efficient gradient boosting decision tree. In Proceedings of the 31st International Conference on Neural Information Processing Systems, NIPS'17, page 3149–3157, Red Hook, NY, USA. Curran Associates Inc.. DOI: 10.5555/3294996.3295074.

Khani, P., Moeinaddini, E., Abnavi, N. D., and Shahraki, A. (2024). Explainable artificial intelligence for feature selection in network traffic classification: A comparative study. Transactions on Emerging Telecommunications Technologies, 35(4):e4970. DOI: 10.1002/ett.4970.

Kim, D.-j., NG, B. A., and Sarveshwaran, V. (2024). A novel split learning based consumer electronics network traffic anomaly detection framework for smart city environment. IEEE Transactions on Consumer Electronics. DOI: 10.1109/TCE.2024.3367330.

Kwon, D., Kim, H., Kim, J., Suh, S. C., Kim, I., and Kim, K. J. (2019). A survey of deep learning-based network anomaly detection. Cluster Computing, 22:949-961. DOI: 10.1007/s10586-017-1117-8.

Li, J., Othman, M. S., Chen, H., and Yusuf, L. M. (2024). Optimizing iot intrusion detection system: feature selection versus feature extraction in machine learning. Journal of Big Data, 11(1):36. DOI: 10.1186/s40537-024-00892-y.

Mahmoud, R., Yousuf, T., Aloul, F., and Zualkernan, I. (2015). Internet of things (iot) security: Current status, challenges and prospective measures. In 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), pages 336-341. DOI: 10.1109/ICITST.2015.7412116.

Marwedel, P. (2021). Embedded System Design: Embedded Systems Foundations of Cyber-Physical Systems, and the Internet of Things. Springer Nature. DOI: 10.1007/978-3-030-60910-8.

Mihailescu, M.-E., Mihai, D., Carabas, M., Komisarek, M., Pawlicki, M., Hołubowicz, W., and Kozik, R. (2021). The proposition and evaluation of the roedunet-simargl2021 network intrusion detection dataset. Sensors, 21(13). DOI: 10.3390/s21134319.

Mitchell, R. and Chen, I.-R. (2014). A survey of intrusion detection techniques for cyber-physical systems. ACM Comput. Surv., 46(4). DOI: 10.1145/2542049.

Moradkhani, M., Amiri, A., Javaherian, M., and Safari, H. (2015). A hybrid algorithm for feature subset selection in high-dimensional datasets using fica and iwssr algorithm. Applied Soft Comp., 35:123. DOI: 10.1016/j.asoc.2015.03.049.

Okada, S., Jmila, H., Akashi, K., Mitsunaga, T., Sekiya, Y., Takase, H., Blanc, G., and Nakamura, H. (2025). Xai-driven black-box adversarial attacks on network intrusion detectors. International Journal of Information Security, 24(3):1-15. DOI: 10.1007/s10207-025-01016-0.

Pesaramelli, R. S. and Sujatha, B. (2024). Principle correlated feature extraction using differential evolution for improved classification. In AIP Conference Proceedings, volume 2919. AIP Publishing. DOI: 10.1063/5.0184938.

Quincozes, S. E., Passos, D., Albuquerque, C., Ochi, L. S., and Mossé, D. (2020). GRASP-based feature selection for intrusion detection in cps perception layer. In 2020 4th Conference on Cloud and Internet of Things (CIoT), pages 41-48. DOI: 10.1109/CIoT50422.2020.9244207.

Quincozes, V. E., Quincozes, S. E., Albuquerque, C., Passos, D., and Mossé, D. (2024). Efficient feature selection for intrusion detection systems with priority queue-based grasp. In 2024 IEEE 13th International Conference on Cloud Networking (CloudNet), pages 1-8. DOI: 10.1109/CloudNet62863.2024.10815746.

Saber, O. and Mazri, T. (2021). Smart city security issues: The main attacks and countermeasures. Int. Arch. Photogramm. Remote Sens. Spatial Inf. Sci., XLVI-4/W5-2021:465-472. DOI: 10.5194/isprs-archives-XLVI-4-W5-2021-465-2021.

Scherer, F., Dresch, F., Quincozes, S., Kreutz, D., and Quincozes, V. (2024a). IWSHAP: Um método de seleção incremental de características para redes can baseado em inteligência artificial explicável (XAI). In Anais do XXIV Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pages 351-366, Porto Alegre, RS, Brasil. SBC. DOI: 10.5753/sbseg.2024.241780.

Scherer, F., Dresch, F., Quincozes, S., Kreutz, D., and Quincozes, V. (2024b). Iwshap: Uma ferramenta para seleção incremental de características utilizando iwss e shap. In Anais Estendidos do XXIV Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pages 105-112, Porto Alegre, RS, Brasil. SBC. DOI: 10.5753/sbseg_estendido.2024.243376.

Shanbhag, A., Vincent, S., Gowda, S. B. B., Kumar, O. P., and Francis, S. A. J. (2024). Leveraging metaheuristics for feature selection with machine learning classification for malicious packet detection in computer networks. IEEE Access, 12:21745-21764. DOI: 10.1109/ACCESS.2024.3362246.

Sharafaldin, I., Lashkari, A. H., Ghorbani, A. A., et al. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp, 1:108-116. DOI: 10.5220/0006639801080116.

Silva, E. F., Naves, N., Quincozes, S. E., Quincozes, V. E., Kazienko, J. F., and Cheikhrouhou, O. (2023). GDLS-FS: Scaling feature selection for intrusion detection with grasp-fs and distributed local search. In International conference on advanced information networking and applications, pages 199-210. Springer. DOI: 10.1007/978-3-031-28451-9_18.

Sivamohan, S. and Sridhar, S. (2023). An optimized model for network intrusion detection systems in industry 4.0 using xai based bi-lstm framework. Neural Computing and Applications, 35(15):11459-11475. DOI: 10.1007/s00521-023-08319-0.

Stutz, D., de Assis, J. T., Laghari, A. A., Khan, A. A., Deshpande, A., Kulkarni, D., Terziev, A., de Jesus, M. A., and Grata, E. G. (2024). Cyber threat detection and mitigation using artificial intelligence-a cyber-physical perspective. Applying Artificial Intelligence in Cybersecurity Analytics and Cyber Threat Detection, pages 107-133. DOI: 10.1002/9781394196470.ch7.

Su, R. (2018). Supervisor synthesis to thwart cyber attack with bounded sensor reading alterations. Automatica, 94:35-44. DOI: 10.1016/j.automatica.2018.04.006.

Tavallaee, M., Bagheri, E., Lu, W., and Ghorbani, A. A. (2009). A detailed analysis of the kdd cup 99 data set. In 2009 IEEE symposium on computational intelligence for security and defense applications, pages 1-6. Ieee. DOI: 10.1109/CISDA.2009.5356528.

Turukmane, A. V. and Devendiran, R. (2024). M-multisvm: An efficient feature selection assisted network intrusion detection system using machine learning. Computers & Security, 137:103587. DOI: 10.1016/j.cose.2023.103587.