A filter-based feature selection model for anomaly-based intrusion detection systems

Feature selection is an important factor in modeling anomaly-based intrusion detection systems. An irrelevant feature can result in overfitting and affect the modeling power of classification algorithms. The objective of feature selection is to remove irrelevant and redundant attributes from the dataset in order to improve the predictive power of a classification algorithm. In this paper, we introduce a filter-based feature selection model for anomaly-based intrusion detection systems. The proposed model evaluates the features based on information gain by considering the consistency, dependency, information, and distance of each feature. The experimental results show that our proposed model has a key effect in reducing computational and time complexity. The accuracy of the proposed model was measured as 99.70% and 99.90% for the ISCX and NSL-KDD datasets, respectively.
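To make the filter idea concrete, the following added example (not code from the paper) ranks categorical connection features by information gain against the class label and keeps those above a cut-off. It covers only the information measure, not the consistency, dependency, or distance measures the abstract mentions; the records, the `row_parity` noise feature, and the 0.5 threshold are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample records with NSL-KDD-style field names (values are made up).
# "row_parity" is a deliberately irrelevant feature added for illustration.
FEATURES = ["protocol", "service", "flag", "row_parity"]
ROWS = [
    (("tcp", "http",    "SF",  "even"), "normal"),
    (("tcp", "http",    "SF",  "odd"),  "normal"),
    (("udp", "dns",     "SF",  "even"), "normal"),
    (("tcp", "smtp",    "SF",  "odd"),  "normal"),
    (("tcp", "http",    "S0",  "even"), "anomaly"),
    (("tcp", "private", "S0",  "odd"),  "anomaly"),
    (("tcp", "private", "S0",  "even"), "anomaly"),
    (("tcp", "private", "REJ", "odd"),  "anomaly"),
]

def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    n = len(labels)
    return -sum((c / n) * math.log2(c / n) for c in Counter(labels).values())

def information_gain(rows, idx):
    """H(label) - H(label | feature idx) for one categorical feature."""
    groups = defaultdict(list)
    for x, y in rows:
        groups[x[idx]].append(y)
    conditional = sum(len(g) / len(rows) * entropy(g) for g in groups.values())
    return entropy([y for _, y in rows]) - conditional

def rank_features(rows, names):
    """Return (name, gain) pairs, highest gain first."""
    scores = [(name, information_gain(rows, i)) for i, name in enumerate(names)]
    return sorted(scores, key=lambda kv: kv[1], reverse=True)

def select_features(rows, names, threshold):
    """Filter step: keep features whose gain meets the (assumed) threshold."""
    return [name for name, gain in rank_features(rows, names) if gain >= threshold]

if __name__ == "__main__":
    for name, gain in rank_features(ROWS, FEATURES):
        print(f"{name:12s} {gain:.4f}")
    print("kept:", select_features(ROWS, FEATURES, threshold=0.5))
```

Because the score is computed from the data alone, without training a classifier, the ranking is cheap to recompute; continuous features such as duration or byte counts would need discretizing before this calculation applies.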
