Skip to main content
SpringerLink
Log in

Selecting Features for Anomaly Intrusion Detection: A Novel Method using Fuzzy C Means and Decision Tree Classification

  • Conference paper
Book cover Cyberspace Safety and Security (CSS 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8300))

Included in the following conference series:

Abstract

In this work, a new method for classification is proposed consisting of a combination of feature selection, normalization, fuzzy C means clustering algorithm and C4.5 decision tree algorithm. The aim of this method is to improve the performance of the classifier by using selected features. The fuzzy C means clustering method is used to partition the training instances into clusters. On each cluster, we build a decision tree using C4.5 algorithm. Experiments on the KDD CUP 99 data set shows that our proposed method in detecting intrusion achieves better performance while reducing the relevant features by more than 80%.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Tajbakhsh, A., Rahmati, M., Mirzaei, A.: Intrusion detection using fuzzy association rules. Applied Soft Computing 9(2), 462–469 (2009)

    Article  Google Scholar 

  2. Casas, P., Mazel, J., Owezarski, P.: Unsupervised network intrusion detection systems: Detecting the unknown without knowledge. Computer Communications 35(7), 772–783 (2012)

    Article  Google Scholar 

  3. Bolón-Canedo, V., Sánchez-Maroño, N., Alonso-Betanzos, A.: Feature selection and classification in multiple class datasets: An application to kdd cup 99 dataset. Expert Systems with Applications 38(5), 5947–5957 (2011)

    Article  Google Scholar 

  4. Chebrolu, S., Abraham, A., Thomas, J.P.: Feature deduction and ensemble design of intrusion detection systems. Computers & Security 24(4), 295–307 (2005)

    Article  Google Scholar 

  5. Mukkamala, S., Sung, A.H.: Feature ranking and selection for intrusion detection systems using support vector machines. In: Proceedings of the Second Digital Forensic Research Workshop. Citeseer (2002)

    Google Scholar 

  6. Lin, S.-W., Ying, K.-C., Lee, C.-Y., Lee, Z.-J.: An intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection. Applied Soft Computing 12(10), 3285–3290 (2012)

    Article  Google Scholar 

  7. Amiri, F., Rezaei, Y., Mohammad, M., Lucas, C., Shakery, A., Yazdani, N.: Mutual information-based feature selection for intrusion detection systems. Journal of Network and Computer Applications 34(4), 1184–1199 (2011)

    Article  Google Scholar 

  8. Muniyandi, A.P., Rajeswari, R., Rajaram, R.: Network anomaly detection by cascading k-means clustering and c4. 5 decision tree algorithm. Procedia Engineering 30, 174–182 (2012)

    Article  Google Scholar 

  9. Altwaijry, H.: Bayesian based intrusion detection system. In: IAENG Transactions on Engineering Technologies, pp. 29–44. Springer (2013)

    Google Scholar 

  10. Parsons, L., Haque, E., Liu, H.: Subspace clustering for high dimensional data: a review. ACM SIGKDD Explorations Newsletter 6(1), 90–105 (2004)

    Article  Google Scholar 

  11. Fred, A.L., Jain, A.K.: Combining multiple clusterings using evidence accumulation. IEEE Transactions on Pattern Analysis and Machine Intelligence 27(6), 835–850 (2005)

    Article  Google Scholar 

  12. Ester, M., Kriegel, H.-P., Sander, J., Xu, X.: A density-based algorithm for discovering clusters in large spatial databases with noise. In: KDD, vol. 96, pp. 226–231 (1996)

    Google Scholar 

  13. Leung, K., Leckie, C.: Unsupervised anomaly detection in network intrusion detection using clusters. In: Proceedings of the Twenty-Eighth Australasian Conference on Computer Science, vol. 38, pp. 333–342. Australian Computer Society, Inc. (2005)

    Google Scholar 

  14. Portnoy, L., Eskin, E., Stolfo, S.: Intrusion detection with unlabeled data using clustering. In: Proceedings of ACM CSS Workshop on Data Mining Applied to Security (DMSA 2001). Citeseer (2001)

    Google Scholar 

  15. Kayacik, H.G., Zincir-Heywood, A.N., Heywood, M.I.: Selecting features for intrusion detection: a feature relevance analysis on kdd 99 intrusion detection datasets. In: Proceedings of the Third Annual Conference on Privacy, Security and Trust. Citeseer (2005)

    Google Scholar 

  16. Cho, J., Lee, C., Cho, S., Song, J.H., Lim, J., Moon, J.: A statistical model for network data analysis: Kdd cup 99data evaluation and its comparing with mit lincoln laboratory network data. Simulation Modelling Practice and Theory 18(4), 431–435 (2010)

    Article  Google Scholar 

  17. Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.-A.: A detailed analysis of the kdd cup 99 data set. In: Proceedings of the Second IEEE Symposium on Computational Intelligence for Security and Defence Applications (2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Software College, Northeastern University, Shenyang, Liaoning, China, 110819

    Jingping Song & Zhiliang Zhu

  2. Department of Computer Science, Aberystwyth University, UK, SY23 3DB

    Jingping Song, Peter Scully & Chris Price

Authors
  1. Jingping Song
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhiliang Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Peter Scully
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chris Price
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Information Science and Engineering, Central South University, 410083, Changsha, Hunan, P.R. China

    Guojun Wang

  2. Computer Science Department, Colorado State University, 1873 Campus Delivery, 80523-1873, Fort Collins, CO, USA

    Indrakshi Ray

  3. Chinese Academy of Sciences, Institute of Software, 100190, Beijing, P.R. China

    Dengguo Feng

  4. information Security Group, City University London, EC1V 0HB, London, UK

    Muttukrishnan Rajarajan

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Song, J., Zhu, Z., Scully, P., Price, C. (2013). Selecting Features for Anomaly Intrusion Detection: A Novel Method using Fuzzy C Means and Decision Tree Classification. In: Wang, G., Ray, I., Feng, D., Rajarajan, M. (eds) Cyberspace Safety and Security. CSS 2013. Lecture Notes in Computer Science, vol 8300. Springer, Cham. https://doi.org/10.1007/978-3-319-03584-0_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-03584-0_22

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-03583-3

  • Online ISBN: 978-3-319-03584-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation