论文信息 - Class dependent feature transformation for intrusion detection systems

Class dependent feature transformation for intrusion detection systems

Most of intrusion detection systems use primary and raw input features which are extracted from network connection without any preprocessing on the extracted features. In this paper, we propose a new feature transformation method based on class dependent approach for improving the accuracy of intrusion detection systems. In usual class dependent feature transformation methods the mapping process is accomplished using different mapping matrices for different classes of the dataset. In these methods, there is a difference between the train and test phases. In the training phase of class-dependent methods, samples of each class is mapped only using the corresponding matrix, however, in the test phase, each sample is mapped using all of the transformed matrices. This may lead to some mistakes in classification. In this paper we modify the train and test phases on class dependent methods and propose a new linear feature transformation method. Unlike the usual class-dependent methods, the training and test phases of the proposed method are very similar. This similarity aids the classifier to learn more about dataset samples and transformation process. The performance of our proposed method is evaluated using three different indices, namely mutual information, maximum relevancy minimum redundancy criteria, and classification accuracy. The proposed method was evaluated on a benchmark intrusion detection dataset (NSL-KDD dataset). The experimental results demonstrate that applying the proposed feature transformation method leads to higher classification accuracy and makes the IDS more capable of distinguishing intruders from normal users.

Ahmad Akbari | Bijan Raahemi | Mehdi Mohammadi | Babak Nassersharif

[1] Muhammad Zubair Shafiq,et al. Improving accuracy of immune-inspired malware detectors by using intelligent features , 2008, GECCO '08.

[2] Marc Dacier,et al. A revised taxonomy for intrusion-detection systems , 2000, Ann. des Télécommunications.

[3] Wei-Yang Lin,et al. Intrusion detection by machine learning: A review , 2009, Expert Syst. Appl..

[4] Ali A. Ghorbani,et al. A detailed analysis of the KDD CUP 99 data set , 2009, 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications.

[5] Ahmad Akbari,et al. Robust speech recognition using evolutionary class-dependent LDA , 2009, GECCO '09.

[6] Taeshik Shon,et al. A hybrid machine learning approach to network anomaly detection , 2007, Inf. Sci..

[7] Rupali Datti,et al. Feature Reduction for Intrusion Detection Using Linear Discriminant Analysis , 2010 .

[8] Jung-Min Park,et al. An overview of anomaly detection techniques: Existing solutions and latest technological trends , 2007, Comput. Networks.

[9] Elizabeth B. Lennon. Testing Intrusion Detection Systems , 2003 .

[10] John McHugh,et al. Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory , 2000, TSEC.

[11] Octavio Nieto-Taladriz,et al. Improving network security using genetic algorithm approach , 2007, Comput. Electr. Eng..