Online Feature Ranking for Intrusion Detection Systems

Many current approaches to the design of intrusion detection systems apply feature selection in a static, non-adaptive fashion. These methods often neglect the dynamic nature of network data, which calls for adaptive feature selection techniques. In this paper, we present a simple technique based on incremental learning of support vector machines to rank features in real time within a streaming model for network data. Some illustrative numerical experiments with two popular benchmark datasets show that our approach can adapt to changes in normal network behaviour and to novel attack patterns that have not been seen before.
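The idea summarised above can be illustrated with a short sketch. This is an added example, not the paper's algorithm or code: it assumes a linear SVM updated by one stochastic gradient step on the hinge loss per sample, with features ranked by the absolute value of their weights. The feature names and the stream are constructed for the illustration.

```python
from itertools import product

class OnlineSVMRanker:
    """Linear SVM trained one sample at a time; ranks features by |weight|."""

    def __init__(self, n_features, eta=0.1, lam=0.01):
        self.w = [0.0] * n_features
        self.eta = eta      # constant step size, so old behaviour is forgotten
        self.lam = lam      # L2 regularisation strength

    def update(self, x, y):
        """One SGD step on the regularised hinge loss; y is -1 or +1."""
        margin = y * sum(wj * xj for wj, xj in zip(self.w, x))
        shrink = 1.0 - self.eta * self.lam
        self.w = [shrink * wj for wj in self.w]
        if margin < 1.0:    # misclassified or inside the margin
            self.w = [wj + self.eta * y * xj for wj, xj in zip(self.w, x)]

    def ranking(self):
        """Feature indices, most influential first."""
        return sorted(range(len(self.w)), key=lambda j: -abs(self.w[j]))

# Hypothetical feature names, chosen for the illustration only.
FEATURES = ["syn_rate", "bytes_out", "dst_port_entropy"]

def constructed_stream(label_feature, cycles=50):
    """Constructed flows: each feature is -1 or +1, and the label (+1 = attack)
    equals the value of one feature; the others carry no information."""
    for _ in range(cycles):
        for x in product((-1.0, 1.0), repeat=len(FEATURES)):
            yield list(x), int(x[label_feature])

def run_demo():
    """Return the top-ranked feature before and after the traffic changes."""
    model = OnlineSVMRanker(len(FEATURES))
    for x, y in constructed_stream(label_feature=0):   # known attack pattern
        model.update(x, y)
    before = FEATURES[model.ranking()[0]]
    for x, y in constructed_stream(label_feature=2):   # novel attack pattern
        model.update(x, y)
    after = FEATURES[model.ranking()[0]]
    return before, after

if __name__ == "__main__":
    print(run_demo())
```

Because the step size is constant and the weights are shrunk at every step, the weight of a feature that stops being informative decays and the ranking follows the stream instead of freezing on the initial training data.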
