Abstract
A network traffic feature selection technique based on deep reinforcement learning is proposed. This technique is a sequential procedure at each step of which a decision is made on whether or not the available features are sufficient for network traffic classification. The proposed technique makes it possible to vary the number of features from one classified instance to another. Experiments demonstrated that the proposed technique increases the generalization ability of classification models and reduces overfitting in network intrusion detection systems (IDSs) even if only unbalanced training datasets are available.
Similar content being viewed by others
REFERENCES
Shalev-Shwartz, S. and Ben-David, S., Understanding Machine Learning: From Theory to Algorithms, Cambridge Univ. Press, 2014).
Hardt, M., Recht, B., and Singer, Y., Train faster, generalize better: Stability of stochastic gradient descent, Int. Conference on Machine Learning, 2016, pp. 1225–1234.
Vapnik, V., Levin, E., and Cun, Y.L., Measuring the VC-Dimension of a learning machine, Neural Comput., 1994, vol. 6, no. 5, pp. 851–876.
Ling, C.X. and Sheng, V.S., Cost-sensitive learning and the class imbalance problem, Encyclopedia of Machine Learning, 2011, pp. 231–235.
Lipmaa, H., Yung, M., and Lin, D., Survey and taxonomy of feature selection algorithms in intrusion detection systems, Int. Conference on Information Security and Cryptology, 2006, pp. 153–167.
Moore, K.L., Bihl, T.J., and Bauer, K.W., Feature extraction and feature selection for classifying cyber traffic threats, J. Defense Model. Simul., 2017, vol. 14, no. 3, pp. 217–231.
Hamed, T., Dara, R., and Kremer, S.C., Network intrusion detection system based on recursive feature addition and bigram technique, Comput. & Security, 2018, vol. 73, pp. 137–155.
Zhou, Y., Cheng, G., Jiang, S., and Dai, M., Building an efficient intrusion detection system based on feature selection and ensemble classifier, Comput. Networks, 2020, vol. 174, pp. 107–123.
Goryunov, M.N., Matskevich, A.G., and Rybolovlev, D.A., Synthesis of a machine learning model for detecting computer attacks based on the CICIDS2017 dataset, Eкю Proc. of the Institute for Syst. Programm. Ross. Akad., 2020, vol. 32, no. 5, pp. 81–94.
Dulac-Arnold, G., Denoyer, L., Preux, P., and Gallinari, P., Datum-wise classification: A sequential approach to sparsity, Joint European Conference on Machine Learning and Knowledge Discovery in Databases, 2011, pp. 375–390.
Janisch, J., Pevny, T., and Lisy, V., Classification with costly features using deep reinforcement learning, Proc. of the AAAI Conference on Artificial Intelligence, 2019, Vol. 33, pp. 3959–3966.
Hernandez-Garcia, J.F. and Sutton, R.S., Understanding multi-step deep reinforcement learning: A systematic study of the DQN target. arXiv preprint. arXiv:1901.07510. 2019.
Schulman, J., Wolski, F., Dhariwal, P., Radford, A., and Klimov, O., Proximal policy optimization algorithms. arXiv preprint arXiv:1707.06347. 2017.
Intrusion Detection Evaluation Dataset (CICIDS2017). https://www.unb.ca/cic/datasets/ids- 2017.htm. 2017.
Les’ko, S.A., Models and Scenario of Threat Implementation for Internet Resources, Russ. Technol. J., 2020, vol. 8, no. 6, pp. 9–33.
Bergstra, J., Bardenet, R., Bengio, Y., and Kegl, B., Algorithms for hyper-parameter optimization, Adv. Neural Inf. Process. Syst., 2011, vol. 24, pp. 123–145.
Prechelt, L., Early stopping-but when? Neural Networks: Tricks of the Trade, 1998, pp. 55–69.
Krogh, A. and Hertz, J., A simple weight decay can improve generalization, Adv. Neural Inf. Process. Syst., 1991, vol. 4, pp. 230–245.
Srivastava, N., Hinton, G., Krizhevsky, A., Sutskever, I., and Salakhutdinov, R., Dropout: a simple way to prevent neural networks from overfitting, J. Mach. Learning Res., 2014, vol. 15, no. 1, pp. 29–58.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
The author declares that he has no conflicts of interest.
Additional information
Translated by A. Klimontovich
Rights and permissions
About this article
Cite this article
Belikov, V.V. Using Deep Reinforcement Learning for Selecting Network Traffic Features in Intrusion Detection Systems. Program Comput Soft 48, 359–368 (2022). https://doi.org/10.1134/S0361768822060020
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1134/S0361768822060020