Hybrid of binary gravitational search algorithm and mutual information for feature selection in intrusion detection systems

Intrusion detection systems (IDSs) play an important role in the security of computer networks. One of the main challenges in IDSs is the high-dimensional input data analysis. Feature selection is a solution to overcoming this problem. This paper presents a hybrid feature selection method using binary gravitational search algorithm (BGSA) and mutual information (MI) for improving the efficiency of standard BGSA as a feature selection algorithm. The proposed method, called MI-BGSA, used BGSA as a wrapper-based feature selection method for performing global search. Moreover, MI approach was integrated into the BGSA, as a filter-based method, to compute the feature–feature and the feature–class mutual information with the aim of pruning the subset of features. This strategy found the features considering the least redundancy to the selected features and also the most relevance to the target class. A two-objective function based on maximizing the detection rate and minimizing the false positive rate was defined as a fitness function to control the search direction of the standard BGSA. The experimental results on the NSL-KDD dataset showed that the proposed method can reduce the feature space dramatically. Moreover, the proposed algorithm found better subset of features and achieved higher accuracy and detection rate as compared to the some standard wrapper-based and filter-based feature selection methods.

[1]  Gisung Kim,et al.  A novel hybrid intrusion detection method integrating anomaly detection with misuse detection , 2014, Expert Syst. Appl..

[2]  H Nezamabadi Pour,et al.  BINARY PARTICLE SWARM OPTIMIZATION: CHALLENGES AND NEW SOLUTIONS , 2008 .

[3]  Carla E. Brodley,et al.  FRaC: a feature-modeling approach for semi-supervised and unsupervised anomaly detection , 2012, Data Mining and Knowledge Discovery.

[4]  Huan Liu,et al.  Searching for Interacting Features , 2007, IJCAI.

[5]  Svein J. Knapskog,et al.  Attribute Normalization in Network Intrusion Detection , 2009, 2009 10th International Symposium on Pervasive Systems, Algorithms, and Networks.

[6]  Jian Ma,et al.  A new approach to intrusion detection using Artificial Neural Networks and fuzzy clustering , 2010, Expert Syst. Appl..

[7]  Alfredo De Santis,et al.  Network anomaly detection with the restricted Boltzmann machine , 2013, Neurocomputing.

[8]  Mansour Sheikhan,et al.  Intrusion detection using reduced-size RNN based on feature grouping , 2010, Neural Computing and Applications.

[9]  Fuhui Long,et al.  Feature selection based on mutual information criteria of max-dependency, max-relevance, and min-redundancy , 2003, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[10]  Chee Keong Kwoh,et al.  A Feature Subset Selection Method Based On High-Dimensional Mutual Information , 2011, Entropy.

[11]  Wolfgang Banzhaf,et al.  The use of computational intelligence in intrusion detection systems: A review , 2010, Appl. Soft Comput..

[12]  Marko Robnik-Sikonja,et al.  Theoretical and Empirical Analysis of ReliefF and RReliefF , 2003, Machine Learning.

[13]  Chong-Ho Choi,et al.  Input Feature Selection by Mutual Information Based on Parzen Window , 2002, IEEE Trans. Pattern Anal. Mach. Intell..

[14]  Shaoning Pang,et al.  Personalized mode transductive spanning SVM classification tree , 2011, Inf. Sci..

[15]  Hossein Nezamabadi-pour,et al.  BGSA: binary gravitational search algorithm , 2010, Natural Computing.

[16]  Lei Liu,et al.  Feature selection with dynamic mutual information , 2009, Pattern Recognit..

[17]  Francesco Palmieri,et al.  Network anomaly detection through nonlinear analysis , 2010, Comput. Secur..

[18]  Ester Yen,et al.  Data mining-based intrusion detectors , 2009, Expert Syst. Appl..

[19]  Jugal K. Kalita,et al.  MIFS-ND: A mutual information-based feature selection method , 2014, Expert Syst. Appl..

[20]  Mark A. Hall,et al.  Correlation-based Feature Selection for Discrete and Numeric Class Machine Learning , 1999, ICML.

[21]  Huan Liu,et al.  Chi2: feature selection and discretization of numeric attributes , 1995, Proceedings of 7th IEEE International Conference on Tools with Artificial Intelligence.

[22]  Rajashree Dash,et al.  Comparative Analysis of Supervised and Unsupervised Discretization Techniques , 2011 .

[23]  Jane Labadin,et al.  Feature selection based on mutual information , 2015, 2015 9th International Conference on IT in Asia (CITA).

[24]  Jesús S. Aguilar-Ruiz,et al.  Heuristic Search over a Ranking for Feature Selection , 2005, IWANN.

[25]  Ajay Gupta,et al.  Anomaly intrusion detection in wireless sensor networks , 2006, J. High Speed Networks.

[26]  Victor Valeriu Patriciu,et al.  Intrusions detection based on Support Vector Machine optimized with swarm intelligence , 2014, 2014 IEEE 9th IEEE International Symposium on Applied Computational Intelligence and Informatics (SACI).

[27]  Hossein Nezamabadi-pour,et al.  GSA: A Gravitational Search Algorithm , 2009, Inf. Sci..

[28]  Ali A. Ghorbani,et al.  A detailed analysis of the KDD CUP 99 data set , 2009, 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications.

[29]  Larry A. Rendell,et al.  The Feature Selection Problem: Traditional Methods and a New Algorithm , 1992, AAAI.

[30]  Johnny S. Wong,et al.  On the symbiosis of specification-based and anomaly-based detection , 2010, Comput. Secur..

[31]  Catherine Blake,et al.  UCI Repository of machine learning databases , 1998 .

[32]  Alessio Merlo,et al.  Improving energy efficiency in distributed intrusion detection systems , 2013, J. High Speed Networks.

[33]  S. Figini,et al.  Network Selection: A Method for Ranked Lists Selection , 2012, PloS one.

[34]  Roberto Battiti,et al.  Using mutual information for selecting features in supervised neural net learning , 1994, IEEE Trans. Neural Networks.

[35]  Xindong Wu,et al.  A NEW SUPERVISED FEATURE SELECTION METHOD FOR PATTERN CLASSIFICATION , 2014, Comput. Intell..

[36]  Mansour Sheikhan Generation of suprasegmental information for speech using a recurrent neural network and binary gravitational search algorithm for feature selection , 2013, Applied Intelligence.

[37]  Edwin R. Hancock,et al.  Hypergraph based information-theoretic feature selection , 2012, Pattern Recognit. Lett..

[38]  Przemyslaw Kudlacik,et al.  Fuzzy approach for intrusion detection based on user’s commands , 2016, Soft Comput..

[39]  S. Baskar,et al.  A novel information theoretic-interact algorithm (IT-IN) for feature selection using three machine learning algorithms , 2010, Expert Syst. Appl..

[40]  Yan Wang,et al.  Convergence analysis and performance of an improved gravitational search algorithm , 2014, Appl. Soft Comput..

[41]  Ratna Babu Chinnam,et al.  mr2PSO: A maximum relevance minimum redundancy feature selection method based on swarm intelligence for support vector machine classification , 2011, Inf. Sci..

[42]  B. Bonev Feature Selection based on Information Theory , 2010 .

[43]  Gulshan Kumar,et al.  An information theoretic approach for feature selection , 2012, Secur. Commun. Networks.

[44]  Francesco Palmieri,et al.  On the detection of card-sharing traffic through wavelet analysis and Support Vector Machines , 2013, Appl. Soft Comput..

[45]  Mansour Sheikhan,et al.  Neural-based electricity load forecasting using hybrid of GA and ACO for feature selection , 2011, Neural Computing and Applications.

[46]  Zhong Jin,et al.  A novel SVM by combining kernel principal component analysis and improved chaotic particle swarm optimization for intrusion detection , 2014, Soft Computing.

[47]  Nasser Yazdani,et al.  Mutual information-based feature selection for intrusion detection systems , 2011, J. Netw. Comput. Appl..