Impact of Feature Reduction on the Efficiency of Wireless Intrusion Detection Systems

Intrusion Detection Systems (IDSs) are a major line of defense for protecting network resources from illegal penetrations. A common approach in intrusion detection models, specifically in anomaly detection models, is to use classifiers as detectors. Selecting the best set of features is central to ensuring the performance, speed of learning, accuracy, and reliability of these detectors as well as to remove noise from the set of features used to construct the classifiers. In most current systems, the features used for training and testing the intrusion detection systems consist of basic information related to the TCP/IP header, with no considerable attention to the features associated with lower level protocol frames. The resulting detectors were efficient and accurate in detecting network attacks at the network and transport layers, but unfortunately, not capable of detecting 802.11specific attacks such as deauthentication attacks or MAC layer DoS attacks. Key Words—Feature selection, intrusion detection systems, K-means, information gain ratio, wireless networks, neural networks.

[1]  Ron Kohavi,et al.  Feature Selection for Knowledge Discovery and Data Mining , 1998 .

[2]  Mark Handley,et al.  The final nail in WEP's coffin , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[3]  Li Guo,et al.  Survey and Taxonomy of Feature Selection Algorithms in Intrusion Detection System , 2006, Inscrypt.

[4]  Daxin Tian,et al.  A wireless intrusion detection method based on neural network , 2006, ACST.

[5]  Taghi M. Khoshgoftaar,et al.  Intrusion detection in wireless networks using clustering techniques with expert analysis , 2005, Fourth International Conference on Machine Learning and Applications (ICMLA'05).

[6]  Azzedine Boukerche,et al.  An artificial immune based intrusion detection model for computer and telecommunication systems , 2004, Parallel Comput..

[7]  A.H. Sung,et al.  Identifying important features for intrusion detection using support vector machines and neural networks , 2003, 2003 Symposium on Applications and the Internet, 2003. Proceedings..

[8]  B. Sick,et al.  Feature selection for intrusion detection: an evolutionary wrapper approach , 2004, 2004 IEEE International Joint Conference on Neural Networks (IEEE Cat. No.04CH37541).

[9]  Kien A. Hua,et al.  Decision tree classifier for network intrusion detection with GA-based feature selection , 2005, ACM Southeast Regional Conference.

[10]  Azzedine Boukerche,et al.  Behavior-Based Intrusion Detection in Mobile Phone Systems , 2002, J. Parallel Distributed Comput..

[11]  Azzedine Boukerche,et al.  An agent based and biological inspired real-time intrusion detection and security model for computer network operations , 2007, Comput. Commun..

[12]  C. Manikopoulos,et al.  Investigation of neural network classification of computer network attacks , 2003, International Conference on Information Technology: Research and Education, 2003. Proceedings. ITRE2003..

[13]  Taghi M. Khoshgoftaar,et al.  A clustering approach to wireless network intrusion detection , 2005, 17th IEEE International Conference on Tools with Artificial Intelligence (ICTAI'05).

[14]  J. Ross Quinlan,et al.  Induction of Decision Trees , 1986, Machine Learning.

[15]  Stefan Savage,et al.  802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions , 2003, USENIX Security Symposium.

[16]  Andrew H. Sung,et al.  The Feature Selection and Intrusion Detection Problems , 2004, ASIAN.