Building an Effective Intrusion Detection System using Genetic Algorithm based Feature Selection
Related papers
Fusion of Statistic, Data Mining and Genetic Algorithm for feature selection in Intrusion Detection
The security of information and data is a critical issue in a computer networked environment. In our society computer networks are used to store proprietary information and to provide services for organizations and society. So, in order to secure this valuable information from unknown attacks (intrusions), the need for an intrusion detection system arises. There are many intrusion detection approaches focused on the issues of feature reduction, as some of the features are irrelevant or redundant, which results in a lengthy detection process and degrades the performance of an IDS. So in order to design a lightweight IDS we investigate the performance of three feature selection approaches: CFS, Information Gain and Gain Ratio. In this paper we propose a fusion model by making use of the three standard algorithms and finally applying a genetic algorithm that identifies important reduced input features. We apply a Naive Bayes classifier on the dataset for evaluating the performance of the proposed method over the standard ones. The reduced attributes show that the proposed algorithm gives better performance that is efficient and effective for detecting intrusions.
Feature Selection Approach for Intrusion Detection System
2013
At present, network security needs to be concerned to provide secure information channels due to increase in potential network attacks. Intrusion Detection System (IDS) is a valuable tool for the defense-in-depth of computer networks. However, building an efficient ID faces a number of challenges. One of the important challenges is dealing with data containing a high number of features. Current IDS examines all data features to detect intrusion or misuse patterns. Some of the features may be redundant or contribute little to the detection process; their usage can decrease the intrusion detection efficiency as well as taking more computational time for the effective response in real time environment. The purpose of this paper is to identify important input features in building IDS that is computationally efficient and effective. In this work we propose the feature selection method by ranking them using the various feature selection algorithms like InfoGain, GainRatio, OneR, RELIEF etc. Combining the features of the best algorithms whose performance is better by comparing the result with each other using J48 classifier. To evaluate the performance of the proposed technique several experiments are conducted on the KDDcup99 dataset for intrusion detection. The empirical results indicate that input features are important to detect the intrusions and reduces the dimensionality of the features, training time and increases overall accuracy.
Feature Selection Algorithms in Intrusion Detection System: A Survey
KSII Transactions on Internet and Information Systems
Regarding the huge number of connections and the large flow of data on the Internet, an Intrusion Detection System (IDS) has difficulty detecting attacks. Moreover, irrelevant and redundant features influence the quality of IDS, precisely the detection rate and processing cost. Feature Selection (FS) is the important technique, which gives the issue for enhancing the performance of detection. Different works have been proposed, but a map for understanding and constructing a state of the FS in IDS still needs more investigation. In this paper, we introduce a survey of feature selection algorithms for intrusion detection systems. We describe the well-known approaches that have been proposed in FS for IDS. Furthermore, we provide a classification with a comparative study between different contributions according to their techniques and results. We identify a new taxonomy for future trends and existing challenges.
Genetic Algorithm Based Feature Selection Technique for Optimal Intrusion Detection
2021
In recent years, several industries have registered an impressive improvement in technological advances such as Internet of Things (IoT), e-commerce, vehicular networks, etc. These advances have sparked an increase in the volume of information that gets transmitted from different nodes of a computer network (CN). As a result, it is crucial to safeguard CNs against security threats and intrusions that can compromise the integrity of those systems. In this paper, we propose a machine learning (ML) intrusion detection system (IDS) in conjunction with the Genetic Algorithm (GA) for feature selection. To assess the effectiveness of the proposed framework, we use the NSL-KDD dataset. Furthermore, we consider the following ML methods in the modelling process: decision tree (DT), support vector machine (SVM), random forest (RF), extra-trees (ET), extreme gradient boosting (XGB), and naïve Bayes (NB). The results demonstrated that using the GA algorithm has a positive im...
A STUDY OF FEATURE SELECTION METHODS IN INTRUSION DETECTION SYSTEM: A SURVEY
Nowadays, detection of security threats, commonly referred to as intrusion, has become a very important and critical issue in network, data and information security. Therefore, an intrusion detection system (IDS) has become a very essential component in computer or network security. Prevention of such intrusions entirely depends on the detection capability of the Intrusion Detection System (IDS). As network speed becomes faster, there is an emerging need for IDS to be lightweight with high detection rates. Therefore, many feature selection approaches/methods are proposed in the literature. There are three broad categories of approaches for selecting a good feature subset: filter, wrapper and hybrid approaches. The aim of this paper is to present a survey of various feature selection methods for IDS on the KDD CUP'99 benchmark dataset based on these three categories and different evaluation criteria.
Intrusion Detection System Using Feature Selection and Classification Technique
International Journal of Computer Science and Application, 2014
With the growth of the Internet, there has been a tremendous increase in the number of attacks and therefore Intrusion Detection Systems (IDSs) have become a mainstream of information security. The purpose of IDS is to help the computer systems to deal with attacks. This anomaly detection system creates a database of normal behaviour and deviations from the normal behaviour to trigger during the occurrence of intrusions. Based on the source of data, IDS is classified into Host based IDS and Network based IDS. In network based IDS, the individual packets flowing through the network are analyzed, whereas in host based IDS the activities on the single computer or host are analyzed. The feature selection used in IDS helps to reduce the classification time. In this paper, the IDS for detecting the attacks effectively has been proposed and implemented. For this purpose, a new feature selection algorithm called Optimal Feature Selection algorithm based on Information Gain Ratio has been proposed and implemented. This feature selection algorithm selects an optimal number of features from the KDD Cup dataset. In addition, two classification techniques, namely Support Vector Machine and Rule Based Classification, have been used for effective classification of the data set. This system is very efficient in detecting DoS attacks and effectively reduces the false alarm rate. The proposed feature selection and classification algorithms enhance the performance of the IDS in detecting the attacks.
Taxonomy of Feature selection in Intrusion Detection System
Although use of the Internet for daily life and business has risen significantly, this popularity has brought an enormous amount of risk from network attacks. Intrusion detection techniques are one of the most interesting research areas in network security. Using IDS systems in networks can help to identify abnormal activities or detect attack patterns to secure internal assets. In this literature, intrusion detection methods have been used by various machine learning approaches. This article reviews the importance of security countermeasures. It begins with a background review on computer security and the taxonomy of Intrusion Detection and current technique of feature selection and drawing the taxonomy of intrusion detection system. This paper covers details of IDS design and development issues. It is studied for dimensionality reduction to find which means achieved a better accuracy and reduce workload, followed by existing techniques to compare a classifier and classifiers' designs.
Hybrid Feature Selection Algorithm for Intrusion Detection System
Journal of Computer Science, 2014
Network security is a serious global concern. Usefulness Intrusion Detection Systems (IDS) are increasing incredibly in Information Security research using Soft computing techniques. In the previous researches having irrelevant and redundant features are recognized causes of increasing the processing speed of evaluating the known intrusive patterns. In addition, an efficient feature selection method eliminates dimension of data and reduces redundancy and ambiguity caused by non-important attributes. Therefore, feature selection methods are well-known methods to overcome this problem. There are various approaches being utilized in intrusion detections, they are able to perform their method and relatively they are achieved with some improvements. This work is based on the enhancement of the highest Detection Rate (DR) algorithm which is Linear Genetic Programming (LGP) reducing the False Alarm Rate (FAR) incorporates with Bees Algorithm. Finally, Support Vector Machine (SVM) is one of the best candidate solutions to settle IDSs problems. In this study four sample datasets containing 4000 random records are excluded randomly from this dataset for training and testing purposes. Experimental results show that the LGP_BA method improves the accuracy and efficiency compared with the previous related research and the feature subcategory offered by LGP_BA gives a superior representation of data.
One of the most common problems in existing detection techniques is the high curse of dimensionality, due to multidimensional features of the network attack data. This paper investigates the performances of genetic algorithm (GA) with support vector machine (SVM) classification method for feature selection, the forward feature selection algorithm (FFSA) and linear correlation feature selection (LCFS) in detecting different types of network attacks. In particular, the feature selection capability of GA, FFSA and LCFS has been studied. In this work GA, FFSA and LCFS have been implemented and tested on KDD CUP 1999 dataset. The results have shown that all of the algorithms are capable of achieving about 99% detection rate at different number of reduced features. GA with SVM and LCFS require only 21 features, while FFSA requires 31 features to detect the attacks effectively. In addition, the false positive results shown by all of the algorithms are comparatively low, between 0.43% and 0.59% when the detection rate is almost perfect.
Bio-inspired Hybrid Feature Selection Model for Intrusion Detection
Computers, Materials & Continua
Intrusion detection is a serious and complex problem. Undoubtedly due to a large number of attacks around the world, the concept of intrusion detection has become very important. This research proposes a multilayer bioinspired feature selection model for intrusion detection using an optimized genetic algorithm. Furthermore, the proposed multilayer model consists of two layers (layers 1 and 2). At layer 1, three algorithms are used for the feature selection. The algorithms used are Particle Swarm Optimization (PSO), Grey Wolf Optimization (GWO), and Firefly Optimization Algorithm (FFA). At the end of layer 1, a priority value will be assigned for each feature set. At layer 2 of the proposed model, the Optimized Genetic Algorithm (GA) is used to select one feature set based on the priority value. Modifications are done on standard GA to perform optimization and to fit the proposed model. The Optimized GA is used in the training phase to assign a priority value for each feature set. Also, the priority values are categorized into three categories: high, medium, and low. Besides, the Optimized GA is used in the testing phase to select a feature set based on its priority. The feature set with a high priority will be given a high priority to be selected. At the end of phase 2, an update for feature set priority may occur based on the selected features priority and the calculated F-Measures. The proposed model can learn and modify feature sets priority, which will be reflected in selecting features. For evaluation purposes, two well-known datasets are used in these experiments. The first dataset is UNSW-NB15, the other dataset is the NSL-KDD. Several evaluation criteria are used, such as precision, recall, and F-Measure. The experiments in this research suggest that the proposed model has a powerful and promising mechanism for the intrusion detection system.