
New Wrapper Feature Selection Algorithm for Anomaly-Based Intrusion Detection Systems

  • Conference paper

Foundations and Practice of Security (FPS 2020)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 12637)

Abstract

With advanced persistent and zero-day threats, the threat landscape is constantly evolving. Signature-based defense is ineffective against these new attacks. Anomaly-based intrusion detection systems rely on classification models, trained on specific datasets, to detect them. Their efficiency is related to the features used by the classifier. Feature selection is a fundamental phase of anomaly-based intrusion detection systems. It selects the near-optimal subset of features in order to improve the detection accuracy and reduce the classification time. This paper introduces a new wrapper method based on two phases. The first phase adopts a correlation analysis between two variables as a measure of feature quality. This phase aims to select the features that contribute the most to the classification by selecting the ones that are highly correlated with either the normal or the attack traffic, but not both. The second phase is used to search for a proper subset that improves the detection accuracy. Our approach is evaluated using three well-known datasets: NSL-KDD, UNSW-NB15 and CICIDS2017. The evaluation results show that our algorithm significantly increases the detection accuracy and improves the detection time. Moreover, it is particularly efficient on stealthy attacks.
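
A simplified sketch of the two-phase idea in the abstract, added here as an example and not the authors' algorithm. It assumes phase 1 ranks features by absolute Pearson correlation with a binary attack/normal label and phase 2 is a greedy forward search scored by a nearest-centroid classifier's hold-out accuracy; the flows, threshold, split and all function names are constructed for illustration.

```python
from statistics import mean, pstdev

def pearson(xs, ys):
    mx, my, sx, sy = mean(xs), mean(ys), pstdev(xs), pstdev(ys)
    if sx == 0 or sy == 0:
        return 0.0                      # a constant column carries no signal
    return mean([(x - mx) * (y - my) for x, y in zip(xs, ys)]) / (sx * sy)

def phase1_rank(X, y, threshold):
    """Assumed phase 1: keep features with |corr(feature, label)| >= threshold."""
    score = {j: abs(pearson([r[j] for r in X], y)) for j in range(len(X[0]))}
    kept = [j for j in score if score[j] >= threshold]
    return sorted(kept, key=lambda j: -score[j])        # best-correlated first

def holdout_accuracy(train, test, feats):
    """Wrapper criterion: accuracy of a nearest-centroid classifier on `feats`."""
    (Xtr, ytr), (Xte, yte) = train, test
    cent = {c: [mean([r[j] for r, lab in zip(Xtr, ytr) if lab == c]) for j in feats] for c in (0, 1)}
    def predict(r):
        return min((0, 1), key=lambda c: sum((r[j] - m) ** 2 for j, m in zip(feats, cent[c])))
    return sum(predict(r) == lab for r, lab in zip(Xte, yte)) / len(yte)

def phase2_search(train, test, candidates):
    """Assumed phase 2: greedy forward search, keep a feature only if accuracy rises."""
    chosen, best = [], 0.0
    for j in candidates:
        acc = holdout_accuracy(train, test, chosen + [j])
        if acc > best:
            chosen, best = chosen + [j], acc
    return chosen, best

def build_constructed_flows(n=240):
    """Constructed data: label 1 = attack, 0 = normal; four synthetic features."""
    X, y = [], []
    for i in range(n):
        label, k = i % 2, i // 2
        X.append([3 * label + 0.5 * (k % 3),   # f0: cleanly separates the classes
                  label + k % 4,               # f1: weakly correlated with the label
                  k % 5,                       # f2: same values in both classes
                  1.0])                        # f3: constant
        y.append(label)
    return X, y

def select_features(X, y, split=160, threshold=0.2):
    train, test = (X[:split], y[:split]), (X[split:], y[split:])
    candidates = phase1_rank(*train, threshold)
    chosen, acc = phase2_search(train, test, candidates)
    return candidates, chosen, acc

if __name__ == "__main__":
    print(select_features(*build_constructed_flows()))
```

On this constructed data the correlation filter discards the uninformative and constant columns, and the wrapper search then drops the weakly correlated feature because it adds no hold-out accuracy over the first one.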


Notes

  1. http://nsl.cs.unb.ca/KDD/NSL-KDD.html

  2. https://www.unsw.adfa.edu.au/unsw-canberra-cyber/cybersecurity/ADFA-NB15-Datasets/


Author information

Corresponding author

Correspondence to Meriem Kherbache.

Copyright information

© 2021 Springer Nature Switzerland AG

Cite this paper

Kherbache, M., Espes, D., Amroun, K. (2021). New Wrapper Feature Selection Algorithm for Anomaly-Based Intrusion Detection Systems. In: Nicolescu, G., Tria, A., Fernandez, J.M., Marion, JY., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2020. Lecture Notes in Computer Science, vol 12637. Springer, Cham. https://doi.org/10.1007/978-3-030-70881-8_1

  • DOI: https://doi.org/10.1007/978-3-030-70881-8_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-70880-1

  • Online ISBN: 978-3-030-70881-8

  • eBook Packages: Computer Science, Computer Science (R0)
