Using Feature Selection to Improve Performance of Three-Tier Intrusion Detection System

Social media services have become an essential part of daily life. Once 5G services launch in the near future, the annual network IP flow can be expected to increase significantly. On the security side, network attacks will become more varied and harder to detect. The intrusion detection system (IDS) is the part of the network defense system in charge of detecting malicious activities online. This research proposes an intelligent three-tier IDS that can process high-speed network flow and classify attack behaviors into nine kinds of attacks using seven machine learning methods. Based on operation time, the detection process is divided into an offline phase, which trains models by machine learning, and an online phase, which enhances the detection rate of network attacks through a three-tier filtering process. In the experiment, UNSW-NB15 was adopted as the dataset, and the accuracy of intrusion detection approached 98%.
