Adaptive feature selection for denial of services (DoS) attack

Adaptive detection is the ability of an intrusion detection system to learn and detect changes in traffic patterns. In this paper, we propose combining two techniques in a feature selection algorithm, namely consistency subset evaluation (CSE) and DDoS characteristic features (DCF), to identify and select the most important and relevant features related to DDoS attacks. The proposed technique is trained and tested using the NSL-KDD 2009 dataset and compared with traditional feature selection methods such as Information Gain, Gain Ratio, Chi-squared and Correlated features selection (CFS). The results show that the combined CSE with DCF model overcomes drawbacks of traditional feature selection techniques, such as over-fitting and long training time, and improves the efficiency of detection. An adaptive model based on this technique can reduce the computational complexity of analyzing the data when an attack occurs.
