Feature Weighting and Selection for a Real-Time Network Intrusion Detection System Based on GA with KNN

A good feature selection policy, one that chooses significant features while using as few of them as possible, plays a key role in any successful network intrusion detection system (NIDS). The paper presents a genetic algorithm combined with kNN (k-Nearest Neighbor) for feature weighting. We weight all 35 initial features in the training phase and then select the top-weighted ones to implement a NIDS for testing. Many DoS/DDoS attacks are applied to evaluate the system. For known attacks, the best overall accuracy rate is 97.42%, obtained when only the top 19 features are considered; for unknown attacks, the best overall accuracy rate is 78%, obtained with the top 28 features.
