2013
At present, network security needs to be concerned to provide secure information channels due to increase in potential network attacks. Intrusion Detection System (IDS) is a valuable tool for the defense-in-depth of computer networks. However, building an efficient ID faces a number of challenges. One of the important challenges is dealing with data containing a high number of features. Current IDS examines all data features to detect intrusion or misuse patterns. Some of the features may be redundant or contribute little to the detection process; their usage can decrease the intrusion detection efficiency as well as taking more computational time for the effective response in real time environment. The purpose of this paper is to identify important input features in building IDS that is computationally efficient and effective. In this work we propose the feature selection method by ranking them using the various feature selection algorithms like InfoGain, GainRatio, OneR, RELIEF etc. Combining the features of the best algorithms whose performance is better by comparing the result with each other using J48 classifier. To evaluate the performance of the proposed technique several experiments are conducted on the KDDcup99 dataset for intrusion detection. The empirical results indicate that input features are important to detect the intrusions and reduces the dimensionality of the features, training time and increases overall accuracy.
Nowadays, detection of security threats, commonly referred to as intrusion, has become a very important and critical issue in network, data and information security. Therefore, an intrusion detection system (IDS) has become a very essential component in computer or network security. Prevention of such intrusions entirely depends on detection capability of Intrusion Detection System (IDS). As network speed becomes faster, there is an emerge need for IDS to be lightweight with high detection rates. Therefore, many feature selection approaches/methods are proposed in the literature. There are three broad categories of approaches for selecting good feature subset as filter, wrapper and hybrid approach. The aim of this paper is to present a survey of various feature selection methods for IDS on KDD CUP'99 bench mark dataset based on these three categories and different evaluation criteria.
KSII Transactions on Internet and Information Systems
Regarding to the huge number of connections and the large flow of data on the Internet, Intrusion Detection System (IDS) has a difficulty to detect attacks. Moreover, irrelevant and redundant features influence on the quality of IDS precisely on the detection rate and processing cost. Feature Selection (FS) is the important technique, which gives the issue for enhancing the performance of detection. There are different works have been proposed, but a map for understanding and constructing a state of the FS in IDS is still need more investigation. In this paper, we introduce a survey of feature selection algorithms for intrusion detection system. We describe the well-known approaches that have been proposed in FS for IDS. Furthermore, we provide a classification with a comparative study between different contribution according to their techniques and results. We identify a new taxonomy for future trends and existing challenges.
International Journal of Computer Science and Application, 2014
With the growth of Internet, there has been a tremendous increases in the number of attacks and therefore Intrusion Detection Systems (IDS's) has become a main stream of information security. The purpose of IDS is to help the computer systems to deal with attacks. This anomaly detection system creates a database of normal behaviour and deviations from the normal behaviour to trigger during the occurrence of intrusions. Based on the source of data, IDS is classified into Host based IDS and Network based IDS. In network based IDS, the individual packets flowing through the network are analyzed where as in host based IDS the activities on the single computer or host are analyzed. The feature selection used in IDS helps to reduce the classification time. In this paper, the IDS for detecting the attacks effectively has been proposed and implemented. For this purpose, a new feature selection algorithm called Optimal Feature Selection algorithm based on Information Gain Ratio has been proposed and implemented. This feature selection algorithm selects optimal number of features from KDD Cup dataset. In addition, two classification techniques namely Support Vector Machine and Rule Based Classification have been used for effective classification of the data set. This system is very efficient in detecting DoS attacks and effectively reduces the false alarm rate. The proposed feature selection and classification algorithms enhance the performance of the IDS in detecting the attacks.
International Journal of Computer Network and Information Security, 2014
Feature selection is always beneficial to the field like Intrusion Detection, where vast amount of features extracted from network traffic needs to be analysed. All features extracted are not informative and some of them are redundant also. We investigated the performance of three feature selection algorithms Chisquare, Information Gain based and Correlation based with Naive Bayes (NB) and Decision Table Classifier. Empirical results show that significant feature selection can help to design an IDS that is lightweight, efficient and effective for real world detection systems.
Although, using Internet for daily life and business has raised significantly but this popularity has brought enormous amount of risk by network attacks. Intrusion detection techniques is one most interesting research area in network security. Using IDS systems in networks can help to identify abnormal activities or detect attacks patterns to secure internal assets. In this literature, intrusion detection methods have been used by various machine learning approaches. In this article reviews the importance of security countermeasures. It begins with a background review on computer security and the taxonomy of Intrusion Detection and current technique of feature selection and drawing the taxonomy of intrusion detection system. This paper covers details of IDS design and development issues. It is studied for dimensionality reduction to find which means achieved a better accuracy and reduce workload, followed by existing techniques to compare a classifier and classifiers' designs.
7th IEEE International Conference on Computer and Information Technology (CIT 2007), 2007
The quality of features directly affects the performance of classification. Many feature selection methods introduced to remove redundant and irrelevant features, because raw features may reduce accuracy or robustness of classification. In this paper we proposed a new method for feature selection based on Decision Dependent Correlation (DDC). We have used SVM classifier and the results on DARPA KDD99 benchmark dataset indicate that the proposed method outperforms Principal Component Analysis (PCA).
Heliyon
The revolutionary advances in network technologies have spearheaded the design of advanced cyberattacks to surpass traditional security defense with dreadful consequences. Recently, Intrusion Detection System (IDS) is considered as a pivotal element in network security infrastructures to achieve solid line of protection against cyberattacks. The prime challenges presented to IDS are curse of high dimensionality and class imbalance that tends to increase the detection time and degrade the efficiency of IDS. As a result, feature selection plays an important role in enabling to identify the most significant features for intrusion detection. Although, several feature evaluation measures are being proposed for feature selection in literature, there is no consensus on which measures are best for intrusion detection. Therein, this work aims at recommending the most appropriate feature evaluation measure for building an efficient IDS. In this direction, four filter-based feature evaluation measures that stem from different theories such as Consistency, Correlation, Information and Distance are investigated for their potential implications in enhancing the detection ability of IDS model for different classes of attacks. Along with this, the influence of the selected features on classification accuracy of an IDS model is analyzed using four different categories of classifiers namely, K-nearest neighbors (KNN), Random Forest (RF), Support Vector Machine (SVM) and Deep Belief Network (DBN). Finally, a two-step statistical significance test is conducted on the experimental results to determine which feature evaluation measure contributes statistically significant difference in IDS performance. All the experimental comparisons are performed on two benchmark intrusion detection datasets, NSL-KDD and UNSW-NB15. 
In these experiments, consistency measure has best influenced the IDS model in improving the detection ability with regard to detection rate (DR), false alarm rate (FAR), kappa statistics (KS) and identifying the most significant features for intrusion detection. Also, from the analysis results, it is revealed that RF is the ideal classifier to be used in conjunction with any of these four feature evaluation measures to achieve better detection accuracy than others. From the statistical results, we recommend the use of consistency measure for designing an efficient IDS in terms of DR and FAR.
2020 13th International Symposium on Computational Intelligence and Design (ISCID), 2020
In this paper, we analyze existing feature selection methods to identify the key elements of network traffic data that allow intrusion detection. In addition, we propose a new feature selection method that addresses the challenge of considering continuous input features and discrete target values. We show that the proposed method performs well against the benchmark selection methods. We use our findings to develop a highly effective machine learning-based detection systems that achieves 99.9% accuracy in distinguishing between DDoS and benign signals. We believe that our results can be useful to experts who are interested in designing and building automated intrusion detection systems.
Index Terms-Intrusion Detection, GA, LDA, NSL-KDD Dataset and RBF.
Indian Journal of Computer Science and Engineering, 2022
Security of information in this Information Technology (IT) era has been one of the challenges facing individuals and organisations. Among the measures developed by security experts to counter security threats is the Intrusion Detection System (IDS). Despite earlier research efforts to develop formidable IDSs, the existing systems still suffer from a high false alarm and inability to detect new (novel) attacks because of the high volume of features in network traffic. Therefore, this study aimed at developing IDS with an enhanced feature selection and classification method using two stages of attack identification. The feature selection phase employed Particle Swarm Optimization (PSO) to optimally select relevant features from Principal Component Analysis (PCA)'s projected principal space. The reduced dataset was passed into the misuse detector using C4.5 to classify network traffic into normal and attack. The "assumed" normal traffic further passed to the anomaly detector, the second-level classifier using Support Vector Machine (SVM) for detecting new attacks that the misuse detector has not previously detected. The proposed model was demonstrated on the KDD Cup'99 and NSL-KDD intrusion datasets, with the system achieving a false alarm rate of 0.53% and detection rate of 99.43% for NSL KDD dataset. The results show that enhancing the feature selection phase and classification method reduces the false alarm and improves the system's ability to detect zero-day attacks.
International Journal of Intelligent Engineering Informatics, 2016
With the increased amount of network threats and intrusions, finding an efficient and reliable defence measure has a great focus as a research field. Intrusion detection systems (IDSs) have been widely deployed as effective defence measure for existing networks. IDSs detect anomalies based on features extracted from network traffic. Network traffic has many features to measure. The problem is that with the huge amount of network traffic we can measure many irrelevant features. These irrelevant features usually affect the performance of detection rate and consume the IDSs resources. In this paper, we proposed an enhanced model to increase attacks detection accuracy and to improve overall system performance. We measured the performance of the proposed model and verified its effectiveness and feasibility by comparing it with nine-different models and with a model that used the 41-features dataset. The results showed that, our enhanced model could efficiently achieves high detection rate, high performance rate, low false alarm rate, and fast and reliable detection process.
In today's era detection of security threats that are commonly referred to as intrusion, has become a very important and critical issue in network, data and information security. Highly confidential data of various organizations are present over the network so in order to preserve that data from unauthorized users or attackers a strong security framework is required. Intrusion detection system plays a major role in providing security to computer networks. An Intrusion detection system collects and analyzes information from different areas within a computer or a network to identify possible security threats that include threats from both outside as well as inside the organization. The Intrusion detection system deals with large amount of data which contains various irrelevant and redundant features resulting in increased processing time and low detection rate. Therefore feature selection plays an important role in intrusion detection. There are various feature selection methods proposed in literature by different authors. In this paper a comparative analysis of different feature selection methods are presented on KDDCUP'99 benchmark dataset and their performance are evaluated in terms of detection rate, root mean square error and computational time.
Network intrusions have become a significant threat in recent years as a result of the increased demand of computer networks for critical systems. Intrusion detection system (IDS) has been widely deployed as a defense measure for computer networks. Features extracted from network traffic can be used as sign to detect anomalies. However with the huge amount of network traffic, collected data contains irrelevant and redundant features that affect the detection rate of the IDS, consumes high amount of system resources, and slowdown the training and testing process of the IDS. In this paper, a new feature selection model is proposed; this model can effectively select the most relevant features for intrusion detection. Our goal is to build a lightweight intrusion detection system by using a reduced features set. Deleting irrelevant and redundant features helps to build a faster training and testing process, to have less resource consumption as well as to maintain high detection rates. The effectiveness and the feasibility of our feature selection model were verified by several experiments on KDD intrusion detection dataset. The experimental results strongly showed that our model is not only able to yield high detection rates but also to speed up the detection process.
IEEE Transactions on Computers, 2016
Redundant and irrelevant features in data have caused a long-term problem in network traffic classification. These features not only slow down the process of classification but also prevent a classifier from making accurate decisions, especially when coping with big data. In this paper, we propose a mutual information based algorithm that analytically selects the optimal feature for classification. This mutual information based feature selection algorithm can handle linearly and nonlinearly dependent data features. Its effectiveness is evaluated in the cases of network intrusion detection. An Intrusion Detection System (IDS), named Least Square Support Vector Machine based IDS (LSSVM-IDS), is built using the features selected by our proposed feature selection algorithm. The performance of LSSVM-IDS is evaluated using three intrusion detection evaluation datasets, namely KDD Cup 99, NSL-KDD and Kyoto 2006+ dataset. The evaluation results show that our feature selection algorithm contributes more critical features for LSSVM-IDS to achieve better accuracy and lower computational cost compared with the state-of-the-art methods.
IJRCAR, 2014
In today’s detection of era security threats that are usually said as intrusion, has become a really vital and significant issue in network, information and knowledge security. Extremely confidential information of varied organizations is gift over the network therefore so as to preserve that information from unauthorized users or attackers a powerful security framework is needed. Intrusion detection system plays a serious role in providing security to pc networks. AN Intrusion detection system collects and analyzes info from totally different areas at intervals a pc or a network to spot attainable security threats that embody threats from each outside furthermore as within the organization. The Intrusion detection system deals with great deal of information that contains numerous orthogonal and redundant options leading to inflated time interval and low detection rate. So feature choice plays a crucial role in intrusion detection. There is numerous feature choice strategies projected in literature by totally different authors. In this paper a comparative analysis of various feature choice strategies are evaluated in terms of detection rate, root mean sq. error and procedure time
International Journal of Computer Applications, 2014
A network data set may contain a huge amount of data and processing this huge amount of data is one of the most challenges task for network based intrusion detection system (IDS). Normally these data contain lots of redundant and irrelevant features. Feature selection approaches are used to extract the relevant features from the original data to improve the efficiency or accuracy of IDS. In this paper an effective feature selection approaches are used for the NSL KDD data set. The performance of the used classifiers measure and compared with each other.
Security and Privacy
Intrusion detection system (IDS) is essential for the network; the intruder can steal sensitive information about networks. The IDS must have the ability to take care of large and real-time data. The predicted rate must be high based on the available attribute. This work deals with a real intrusion detection problem, by its behavior. In this paper, we developed a hybrid model, which can detect intrusion by its action. We used an NSL-KDD data set, the multiclass problem and binary problems are 25% tested. This model can be used to guess the availability of intrusion, able to determine the scope of intrusions based on the transaction of data in the network; training requires optimal features of a network transaction. The accuracy of the model is better for both binary class for the multiclass in NSL-KDD data set. The complication of false data alarm rates is the most significant challenge in the IDS system, and it may be the low false rate or high false rate. Proposed work also addresses this problem. The first step that data will be filtered by Vote algorithm, the Information Gain will get associated with a base learner, to choose the necessary features, which directly affects the accuracy of the model. It uses the following classifier: RandomTree, REPTree, RandomForest AdaBoostM1, Meta Pagging, DecisionStump, J48, LMT, Bagging, and Naive Bayes. On the based on the proposed model, it is observed as low false rate, high accuracy.
International journal of advanced research in computer science and software engineering, 2017
Gigantic development in system based services had brought about the upsurge of web users, security dangers and digital assaults. Intrusion detection systems (IDSs) have turned into a basic segment of every network architecture, in order to safe an IT foundation from the malignant activities of the intruders. A proficient ID ought to have the capacity to detect, recognize and track the malevolent attempts made by the intruders. Intrusion is broadly perceived as an unending and repeating issue of computer systems' security with the persistent changes and expanding volume of hacking systems. The Intrusion detection system identification framework manages gigantic measure of information which contains irrelevant and redundant features producing slow training and testing process, higher asset utilization as well as poor detection rate. The feature selection approach gives enhanced prediction and reduces the computation time. Because the higher numbers of features the comprehension of the data in pattern recognition becomes difficult sometimes. That is the reason analysts have utilized diverse feature selection techniques with the single classifiers in their intrusion detection system framework to develop a model which gives a better accuracy and prediction performance. Feature selection, therefore, is a critical issue in intrusion detection. In this paper we present ideas and algorithms of feature selection used by researchers, survey existing feature selection algorithms intrusion detection system.
2021
In modern times the firewall and antivirus packages are not good enough to protect the organization from numerous cyber attacks. Computer IDS (Intrusion Detection System) is a crucial aspect that contributes to the success of an organization. IDS is a software application responsible for scanning organization networks for suspicious activities and policy rupturing. IDS ensures the secure and reliable functioning of the network within an organization. IDS underwent huge transformations since its origin to cope up with the advancing computer crimes. The primary motive of IDS has been to augment the competence of detecting the attacks without endangering the performance of the network. The research paper elaborates on different types and different functions performed by the IDS. The NSL KDD dataset has been considered for training and testing. The seven prominent classifiers LR (Logistic Regression), NB (Naïve Bayes), DT (Decision Tree), AB (AdaBoost), RF (Random Forest), kNN (k Neares...
Journal of Big Data, 2020
Computer networks intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are critical aspects that contribute to the success of an organization. Over the past years, IDSs and IPSs using different approaches have been developed and implemented to ensure that computer networks within enterprises are secure, reliable and available. In this paper, we focus on IDSs that are built using machine learning (ML) techniques. IDSs based on ML methods are effective and accurate in detecting networks attacks. However, the performance of these systems decreases for high dimensional data spaces. Therefore, it is crucial to implement an appropriate feature extraction method that can prune some of the features that do not possess a great impact in the classification process. Moreover, many of the ML based IDSs suffer from an increase in false positive rate and a low detection accuracy when the models are trained on highly imbalanced datasets. In this paper, we present an analysis the UNSW-NB15 intrusion detection dataset that will be used for training and testing our models. Moreover, we apply a filter-based feature reduction technique using the XGBoost algorithm. We then implement the following ML approaches using the reduced feature space: Support Vector Machine (SVM), k-Nearest-Neighbour (kNN), Logistic Regression (LR), Artificial Neural Network (ANN) and Decision Tree (DT). In our experiments, we considered both the binary and multiclass classification configurations. The results demonstrated that the XGBoost-based feature selection method allows for methods such as the DT to increase its test accuracy from 88.13% to 90.85% for the binary classification scheme.