ABSTRACT
An adaptive Intrusion Detection System (IDS) is a class of IDS that uses observed flow behaviors to detect malicious activities, usually with the aid of machine learning techniques. Most research in this field focuses on which features to use or which classification methods to employ. However, none has studied the impact of the number of selected features on the accuracy of anomaly detection, or the smallest set of features that should be employed. This paper attempts to address these issues. We applied a feature selection algorithm, ReliefF [1], to the NSL-KDD dataset [2] to select the 10 most discriminative features out of 41. Several machine learning algorithms were then employed to classify normal and anomalous flows (both binary and multiple classes) using feature sets of different sizes. Experimental results show that >95% accuracy can be achieved with only 4-5 features, and that accuracy does not improve significantly beyond 6-7 features. We also compared our results with other works and show that our work yields better results using fewer or the same number of features.
- Kononenko, I. Estimating attributes: Analysis and extensions of RELIEF. Springer Berlin Heidelberg, 1994.
- Tavallaee, M., Bagheri, E., Lu, W. and Ghorbani, A. A. A detailed analysis of the KDD CUP 99 data set. 2009.
- Anantavrasilp, I. and Scholer, T. Automatic flow classification using machine learning. 2007.
- García-Teodoro, P., Díaz-Verdejo, J., Maciá-Fernández, G. and Vázquez, E. Anomaly-based network intrusion detection: Techniques, systems and challenges. Computers & Security, 28, 1 (2009), 18-28.
- Frank, J. Artificial Intelligence and Intrusion Detection: Current and Future Directions, 1995.
- Stolfo, S. J., Wei, F., Wenke, L., Prodromidis, A. and Chan, P. K. Cost-based modeling for fraud and intrusion detection: results from the JAM project. 2000.
- Pradhan, A. Network Traffic Classification using Support Vector Machine and Artificial Neural Network, 2011.
- Pervez, M. S. and Farid, D. M. Feature selection and intrusion classification in NSL-KDD cup 99 dataset employing SVMs. 2014.
- Ingre, B. and Yadav, A. Performance analysis of NSL-KDD dataset using ANN. 2015.
- Yan, G. Network Anomaly Traffic Detection Method Based on Support Vector Machine. 2016.
- Quinlan, J. R. C4.5: programs for machine learning. Morgan Kaufmann Publishers Inc., 1993.
- Cohen, W. W. Fast effective rule induction. 1995.
- John, G. H. and Langley, P. Estimating continuous distributions in Bayesian classifiers. Morgan Kaufmann Publishers Inc., 1995.
- Lippmann, R. An introduction to computing with neural nets. IEEE ASSP Magazine, 4, 2 (1987), 4-22.
- Hearst, M. A., Dumais, S. T., Osuna, E., Platt, J. and Scholkopf, B. Support vector machines. IEEE Intelligent Systems and their Applications, 13, 4 (1998), 18-28.
- Early, J. P., Brodley, C. E. and Rosenberg, C. Behavioral authentication of server flows. 2003.
- Benferhat, S. and Tabia, K. On the combination of naive Bayes and decision trees for intrusion detection. 2005.
- Miao, Y., Ruan, Z., Pan, L., Zhang, J., Xiang, Y. and Wang, Y. Comprehensive Analysis of Network Traffic Data. 2016.
- Boger, M., Liu, T., Ratliff, J., Nick, W., Yuan, X. and Esterline, A. Network traffic classification for security analysis. 2016.
- Kira, K. and Rendell, L. A. The feature selection problem: traditional methods and a new algorithm. In Proceedings of the tenth national conference on Artificial intelligence (San Jose, California, 1992). AAAI Press.
- Howcroft, J. Evaluation of Wearable Sensors as an Older Adult Fall Risk Assessment Tool. UWSpace, 2016.
- Witten, I. H., Frank, E., Hall, M. A. and Pal, C. J. Data mining: practical machine learning tools and techniques (2017).
- Lesmeister, C. Mastering machine learning with R: master machine learning techniques with R to deliver insights for complex projects (2015).
- Zhang, M. and Sawchuk, A. A. A feature selection-based framework for human activity recognition using wearable multimodal sensors. In Proceedings of the 6th International Conference on Body Area Networks (Beijing, China, 2011).