Feature Selection Based on Genetic Algorithm and SupportVector Machine for Intrusion Detection System

One of the most common problems in existing detection techniques is the high curse of dimensionality, due to multidimensional features of the network attack data. This paper investigates the performances of genetic algorithm (GA) with support vector machine (SVM) classification method for feature selection, the forward feature selection algorithm (FFSA) and linear correlation feature selection (LCFS) in detecting different types of network attacks. In particular, the feature selection capability of GA, FFSA and LCFS has been studied. In this work GA, FFSA and LCFS have been implemented and tested on KDD CUP 1999 dataset. The results have shown that all of the algorithms are capable of achieving about 99% detection rate at different number of reduced features. GA with SVMand LCFS require only 21 features, while FFSA requires 31 features to detect the attacks effectively. In addition, the false positive results shown by all of the algorithms are comparatively low, between 0.43% and 0.59% when the detection rate is almost perfect. KEYWORD Genetic algorithm (GA); Support Vector Machine (SVM); feature selection; intrusion detection

[1]  Andrew H. Sung,et al.  Feature Ranking and Selection for Intrusion Detection Using Artificial Neural Networks and Statistical Methods , 2006, The 2006 IEEE International Joint Conference on Neural Network Proceedings.

[2]  Andrew James Simmonds,et al.  An Ontology for Network Security Attacks , 2004, AACC.

[3]  Vern Paxson,et al.  Outside the Closed World: On Using Machine Learning for Network Intrusion Detection , 2010, 2010 IEEE Symposium on Security and Privacy.

[4]  Wei Xu,et al.  Incremental SVM based on reserved set for network intrusion detection , 2011, Expert Syst. Appl..

[5]  Hadi Sarvari,et al.  Improving the accuracy of intrusion detection systems by using the combination of machine learning approaches , 2010, 2010 International Conference of Soft Computing and Pattern Recognition.

[6]  Filomena Ferrucci,et al.  A Genetic Algorithm to Configure Support Vector Machines for Predicting Fault-Prone Components , 2011, PROFES.

[7]  Jun Wang,et al.  A real time IDSs based on artificial Bee Colony-support vector machine algorithm , 2010, Third International Workshop on Advanced Computational Intelligence.

[8]  Hong Wen,et al.  Bayesian Statistical Inference in Machine Learning Anomaly Detection , 2010, 2010 International Conference on Communications and Intelligence Information Security.

[9]  Shi-Jinn Horng,et al.  A novel intrusion detection system based on hierarchical clustering and support vector machines , 2011, Expert Syst. Appl..

[10]  Payel Gupta,et al.  Genetic Algorithm Technique Used to Detect Intrusion Detection , 2011 .

[11]  Nasser Yazdani,et al.  Mutual information-based feature selection for intrusion detection systems , 2011, J. Netw. Comput. Appl..

[12]  Yinhui Li,et al.  An efficient intrusion detection system based on support vector machines and gradually feature removal method , 2012, Expert Syst. Appl..

[13]  Vik Tor Goh,et al.  Towards Intrusion Detection for Encrypted Networks , 2009, 2009 International Conference on Availability, Reliability and Security.

[14]  Tai-hoon Kim,et al.  Linear Correlation-Based Feature Selection for Network Intrusion Detection Model , 2013, SecNet.

[15]  Yu-Xin Meng,et al.  The practice on using machine learning for network anomaly intrusion detection , 2011, 2011 International Conference on Machine Learning and Cybernetics.

[16]  Erik Schaffernicht,et al.  Forward feature selection using Residual Mutual Information , 2009, ESANN.