New class-dependent feature transformation for intrusion detection systems

Intrusion Detection Systems (IDS) mainly focus on the original features extracted from the communications networks without complex pre-processing. In this paper, we propose new methods for class-dependent feature transformation to improve the accuracy of the IDS. In the previously known class-dependent feature transformation methods, the mapping process is accomplished by employing a separate mapping matrix for each class of the dataset. In the training phase, the samples of each class are mapped using only the corresponding matrix, whereas in the test phase, each sample is mapped using all transformation matrices. This may lead to inaccuracy in classification. We modify the training and test phases of the class-dependent methods to extract more information from the dataset in the training phase, information that the other class-dependent methods ignore. Unlike the previously known class-dependent methods, the training and test phases of our proposed methods are very similar. We evaluate the performance of the proposed methods by measuring Mutual Information and Maximum-Relevancy Minimum-Redundancy Information on a benchmark dataset for intrusion detection, namely the NSL-KDD dataset, and on three different types of classifiers: distance-based, neural network-based, and decision tree-based classifiers. The experimental results demonstrate that the classifiers trained on the dataset transformed by our proposed feature transformation methods are more accurate in detecting intruders. In all experiments, the proposed methods perform better than their peers in increasing the classifier accuracy and reducing the false alarms of the detection process. Copyright © 2011 John Wiley & Sons, Ltd.
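The previously known class-dependent scheme described in the abstract, sketched as an added example that is not code from the paper. It assumes a per-class mean-centering plus diagonal scaling matrix as the transformation and a nearest-class-mean decision rule, neither of which the abstract specifies; the flow records are constructed.

```python
import math

# Constructed toy flows: (duration_s, kilobytes_sent); values are made up.
TRAIN = {
    "normal": [(1.0, 10.0), (2.0, 12.0), (3.0, 14.0), (2.0, 12.0)],
    "attack": [(0.1, 100.0), (0.2, 140.0), (0.3, 180.0), (0.2, 140.0)],
}

def fit_class_transform(samples):
    """Per-class mean and diagonal mapping matrix (1/std on the diagonal).
    Assumed stand-in for whatever per-class matrix a real method learns."""
    n, dims = len(samples), len(samples[0])
    mean = [sum(s[d] for s in samples) / n for d in range(dims)]
    std = [math.sqrt(sum((s[d] - mean[d]) ** 2 for s in samples) / n)
           for d in range(dims)]
    return mean, [1.0 / max(sd, 1e-9) for sd in std]

def apply_transform(transform, x):
    mean, scale = transform
    return [(xi - m) * w for xi, m, w in zip(x, mean, scale)]

def fit(train):
    return {label: fit_class_transform(s) for label, s in train.items()}

def map_training_set(train, transforms):
    """Training phase: each sample is mapped only by its own class's matrix."""
    return {label: [apply_transform(transforms[label], x) for x in samples]
            for label, samples in train.items()}

def map_test_sample(transforms, x):
    """Test phase: the label is unknown, so x is mapped by every class matrix.
    Views through the 'wrong' matrix were never produced during training."""
    return {label: apply_transform(t, x) for label, t in transforms.items()}

def classify(transforms, x):
    """Distance-based decision (assumed): choose the class whose mapped view
    of x lies closest to that class's mean, which maps to the origin."""
    views = map_test_sample(transforms, x)
    return min(views, key=lambda label: sum(v * v for v in views[label]))

if __name__ == "__main__":
    t = fit(TRAIN)
    for flow in [(2.5, 13.0), (0.25, 150.0)]:
        print(flow, map_test_sample(t, flow), "->", classify(t, flow))
```

Running it prints both mapped views of each test flow, which makes the asymmetry visible: the classifier sees one view per sample in training but one view per class at test time.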
