A Subset Feature Elimination Mechanism for Intrusion Detection System

Several studies have suggested that selecting relevant features for an intrusion detection system can considerably improve the detection accuracy and performance of the detection engine. With the emergence of new technologies such as Cloud Computing or Big Data, large amounts of network traffic are generated, and the intrusion detection system must dynamically collect and analyze the data produced by the incoming traffic. However, in a large dataset not all features contribute to representing the traffic; reducing the feature set and selecting an adequate number of features may therefore improve the speed and accuracy of the intrusion detection system. In this study, a feature selection mechanism is proposed that aims to eliminate non-relevant features and to identify the features that contribute to improving the detection rate, based on the score each feature obtains during the selection process. To achieve that objective, a recursive feature elimination process was employed together with a decision-tree-based classifier, and the suitable relevant features were subsequently identified. This approach was applied to the NSL-KDD dataset, an improved version of the earlier KDD 1999 dataset, using scikit-learn, a machine learning library written in Python. Using this approach, relevant features were identified in the dataset and the accuracy rate was improved. These results lend support to the idea that feature selection significantly improves classifier performance. Understanding the factors that help identify relevant features will allow the design of a better intrusion detection system.
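The pipeline the abstract describes (recursive feature elimination wrapped around a decision tree in scikit-learn) can be sketched as follows. This is an added example, not the authors' code: the data is constructed synthetic traffic labelled with a few NSL-KDD column names, the labelling rule and the choice to keep two features are assumptions, and the output says nothing about which features the paper selected.

```python
import numpy as np
from sklearn.feature_selection import RFE
from sklearn.model_selection import train_test_split
from sklearn.tree import DecisionTreeClassifier

# NSL-KDD column names, used here only to label constructed synthetic data.
FEATURES = ["duration", "src_bytes", "dst_bytes", "count",
            "serror_rate", "srv_count", "same_srv_rate", "dst_host_count"]


def make_synthetic_traffic(n=600, seed=0):
    """Constructed data: the label depends only on count and serror_rate."""
    rng = np.random.default_rng(seed)
    X = rng.random((n, len(FEATURES)))
    y = ((X[:, 3] > 0.5) | (X[:, 4] > 0.7)).astype(int)  # 1 = "attack"
    return X, y


def select_features(X, y, keep=2):
    """Refit the tree and drop the lowest-importance feature each round."""
    rfe = RFE(DecisionTreeClassifier(random_state=0),
              n_features_to_select=keep, step=1)
    rfe.fit(X, y)
    selected = [f for f, kept in zip(FEATURES, rfe.support_) if kept]
    ranking = dict(zip(FEATURES, (int(r) for r in rfe.ranking_)))
    return rfe, selected, ranking


def run():
    X, y = make_synthetic_traffic()
    # Select on the training split only, so the held-out score is not
    # inflated by features chosen with knowledge of the test records.
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.3, random_state=0, stratify=y)
    rfe, selected, ranking = select_features(X_tr, y_tr)
    full = DecisionTreeClassifier(random_state=0).fit(X_tr, y_tr)
    reduced = DecisionTreeClassifier(random_state=0).fit(rfe.transform(X_tr), y_tr)
    return {"selected": selected, "ranking": ranking,
            "acc_all": full.score(X_te, y_te),
            "acc_selected": reduced.score(rfe.transform(X_te), y_te)}


if __name__ == "__main__":
    print(run())
```

In the ranking, 1 marks a retained feature and higher numbers mark features eliminated in earlier rounds.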
