A hybrid feature selection for network intrusion detection systems: Central points (original) (raw)
Related papers
Relevant Feature Selection Model Using Data Mining for Intrusion Detection System
Network intrusions have become a significant threat in recent years as a result of the increased demand of computer networks for critical systems. Intrusion detection system (IDS) has been widely deployed as a defense measure for computer networks. Features extracted from network traffic can be used as sign to detect anomalies. However with the huge amount of network traffic, collected data contains irrelevant and redundant features that affect the detection rate of the IDS, consumes high amount of system resources, and slowdown the training and testing process of the IDS. In this paper, a new feature selection model is proposed; this model can effectively select the most relevant features for intrusion detection. Our goal is to build a lightweight intrusion detection system by using a reduced features set. Deleting irrelevant and redundant features helps to build a faster training and testing process, to have less resource consumption as well as to maintain high detection rates. The effectiveness and the feasibility of our feature selection model were verified by several experiments on KDD intrusion detection dataset. The experimental results strongly showed that our model is not only able to yield high detection rates but also to speed up the detection process.
International Journal of Computer Network and Information Security, 2019
Building strong IDS is essential in today's network traffic environment, feature reduction is one approach in constructing the effective IDS system by selecting the most relevant features in detecting most known and unknown attacks. In this work, proposing the hybrid feature selection method by combining Mutual Information and Linear Correlation Coefficient techniques (MI-LCC) in producing the most efficient and optimized feature subset. Support Vector Machine (SVM) classification technique being used in accurately classifying the traffic data into normal and malicious records. The proposed framework shall be evaluated with the standard benchmarked datasets including KDD-Cup-99, NSL-KDD, and UNSW-NB15 datasets. The test results, comparison analysis and reference graphs shows that the proposed feature selection model produces optimized and most important features set for classifier to achieve stated accuracy and less false positive rate compared with other similar techniques.
A STUDY OF FEATURE SELECTION METHODS IN INTRUSION DETECTION SYSTEM: A SURVEY
Nowadays, detection of security threats, commonly referred to as intrusion, has become a very important and critical issue in network, data and information security. Therefore, an intrusion detection system (IDS) has become a very essential component in computer or network security. Prevention of such intrusions entirely depends on detection capability of Intrusion Detection System (IDS). As network speed becomes faster, there is an emerge need for IDS to be lightweight with high detection rates. Therefore, many feature selection approaches/methods are proposed in the literature. There are three broad categories of approaches for selecting good feature subset as filter, wrapper and hybrid approach. The aim of this paper is to present a survey of various feature selection methods for IDS on KDD CUP'99 bench mark dataset based on these three categories and different evaluation criteria.
Feature Selection Algorithms in Intrusion Detection System: A Survey
KSII Transactions on Internet and Information Systems
Regarding to the huge number of connections and the large flow of data on the Internet, Intrusion Detection System (IDS) has a difficulty to detect attacks. Moreover, irrelevant and redundant features influence on the quality of IDS precisely on the detection rate and processing cost. Feature Selection (FS) is the important technique, which gives the issue for enhancing the performance of detection. There are different works have been proposed, but a map for understanding and constructing a state of the FS in IDS is still need more investigation. In this paper, we introduce a survey of feature selection algorithms for intrusion detection system. We describe the well-known approaches that have been proposed in FS for IDS. Furthermore, we provide a classification with a comparative study between different contribution according to their techniques and results. We identify a new taxonomy for future trends and existing challenges.
Indian Journal of Computer Science and Engineering, 2022
Security of information in this Information Technology (IT) era has been one of the challenges facing individuals and organisations. Among the measures developed by security experts to counter security threats is the Intrusion Detection System (IDS). Despite earlier research efforts to develop formidable IDSs, the existing systems still suffer from a high false alarm and inability to detect new (novel) attacks because of the high volume of features in network traffic. Therefore, this study aimed at developing IDS with an enhanced feature selection and classification method using two stages of attack identification. The feature selection phase employed Particle Swarm Optimization (PSO) to optimally select relevant features from Principal Component Analysis (PCA)'s projected principal space. The reduced dataset was passed into the misuse detector using C4.5 to classify network traffic into normal and attack. The "assumed" normal traffic further passed to the anomaly detector, the second-level classifier using Support Vector Machine (SVM) for detecting new attacks that the misuse detector has not previously detected. The proposed model was demonstrated on the KDD Cup'99 and NSL-KDD intrusion datasets, with the system achieving a false alarm rate of 0.53% and detection rate of 99.43% for NSL KDD dataset. The results show that enhancing the feature selection phase and classification method reduces the false alarm and improves the system's ability to detect zero-day attacks.
Feature Selection Approach for Intrusion Detection System
2013
At present, network security needs to be concerned to provide secure information channels due to increase in potential network attacks. Intrusion Detection System (IDS) is a valuable tool for the defense-in-depth of computer networks. However, building an efficient ID faces a number of challenges. One of the important challenges is dealing with data containing a high number of features. Current IDS examines all data features to detect intrusion or misuse patterns. Some of the features may be redundant or contribute little to the detection process; their usage can decrease the intrusion detection efficiency as well as taking more computational time for the effective response in real time environment. The purpose of this paper is to identify important input features in building IDS that is computationally efficient and effective. In this work we propose the feature selection method by ranking them using the various feature selection algorithms like InfoGain, GainRatio, OneR, RELIEF etc. Combining the features of the best algorithms whose performance is better by comparing the result with each other using J48 classifier. To evaluate the performance of the proposed technique several experiments are conducted on the KDDcup99 dataset for intrusion detection. The empirical results indicate that input features are important to detect the intrusions and reduces the dimensionality of the features, training time and increases overall accuracy.
Intrusion Detection System Using Feature Selection and Classification Technique
International Journal of Computer Science and Application, 2014
With the growth of Internet, there has been a tremendous increases in the number of attacks and therefore Intrusion Detection Systems (IDS's) has become a main stream of information security. The purpose of IDS is to help the computer systems to deal with attacks. This anomaly detection system creates a database of normal behaviour and deviations from the normal behaviour to trigger during the occurrence of intrusions. Based on the source of data, IDS is classified into Host based IDS and Network based IDS. In network based IDS, the individual packets flowing through the network are analyzed where as in host based IDS the activities on the single computer or host are analyzed. The feature selection used in IDS helps to reduce the classification time. In this paper, the IDS for detecting the attacks effectively has been proposed and implemented. For this purpose, a new feature selection algorithm called Optimal Feature Selection algorithm based on Information Gain Ratio has been proposed and implemented. This feature selection algorithm selects optimal number of features from KDD Cup dataset. In addition, two classification techniques namely Support Vector Machine and Rule Based Classification have been used for effective classification of the data set. This system is very efficient in detecting DoS attacks and effectively reduces the false alarm rate. The proposed feature selection and classification algorithms enhance the performance of the IDS in detecting the attacks.
Performance Analysis Of Different Feature Selection Methods In Intrusion Detection
In today's era detection of security threats that are commonly referred to as intrusion, has become a very important and critical issue in network, data and information security. Highly confidential data of various organizations are present over the network so in order to preserve that data from unauthorized users or attackers a strong security framework is required. Intrusion detection system plays a major role in providing security to computer networks. An Intrusion detection system collects and analyzes information from different areas within a computer or a network to identify possible security threats that include threats from both outside as well as inside the organization. The Intrusion detection system deals with large amount of data whichcontains various irrelevant and redundant features resulting in increased processing time and low detection rate. Therefore feature selection plays an important role in intrusion detection. There arevarious feature selection methods proposed in literature by different authors. In this paper a comparative analysis of different feature selection methods are presented on KDDCUP'99 benchmark dataset and their performance are evaluated in terms of detection rate, root mean square error and computational time.
International Journal of Computer Applications, 2014
A network data set may contain a huge amount of data and processing this huge amount of data is one of the most challenges task for network based intrusion detection system (IDS). Normally these data contain lots of redundant and irrelevant features. Feature selection approaches are used to extract the relevant features from the original data to improve the efficiency or accuracy of IDS. In this paper an effective feature selection approaches are used for the NSL KDD data set. The performance of the used classifiers measure and compared with each other.
ANALYSIS OF DIFFERENT FEATURE SELECTION METHODS IN INTRUSION DETECTION SYSTEM
IJRCAR, 2014
In today’s detection of era security threats that are usually said as intrusion, has become a really vital and significant issue in network, information and knowledge security. Extremely confidential information of varied organizations is gift over the network therefore so as to preserve that information from unauthorized users or attackers a powerful security framework is needed. Intrusion detection system plays a serious role in providing security to pc networks. AN Intrusion detection system collects and analyzes info from totally different areas at intervals a pc or a network to spot attainable security threats that embody threats from each outside furthermore as within the organization. The Intrusion detection system deals with great deal of information that contains numerous orthogonal and redundant options leading to inflated time interval and low detection rate. So feature choice plays a crucial role in intrusion detection. There is numerous feature choice strategies projected in literature by totally different authors. In this paper a comparative analysis of various feature choice strategies are evaluated in terms of detection rate, root mean sq. error and procedure time