Haonan Peng,Chunming Wu,Yanfeng Xiao

DOI: https://doi.org/10.3390/app132111629

2023-01-01

Applied Sciences

Abstract:The importance of network security has become increasingly prominent due to the rapid development of network technology. Network intrusion detection systems (NIDSs) play a crucial role in safeguarding networks from malicious attacks and intrusions. However, the issue of class imbalance in the dataset presents a significant challenge to NIDSs. In order to address this concern, this paper proposes a new NIDS called CBF-IDS, which combines convolutional neural networks (CNNs) and bidirectional long short-term memory networks (BiLSTMs) while employing the focal loss function. By utilizing CBF-IDS, spatial and temporal features can be extracted from network traffic. Moreover, during model training, CBF-IDS applies the focal loss function to give more weight to minority class samples, thereby mitigating the impact of class imbalance on model performance. In order to evaluate the effectiveness of CBF-IDS, experiments were conducted on three benchmark datasets: NSL-KDD, UNSW-NB15, and CIC-IDS2017. The experimental results demonstrate that CBF-IDS outperforms other classification models, achieving superior detection performance.

Dongliang Xuan,Huaping Hu,Bidong Wang,Xingkong Ma

DOI: https://doi.org/10.1109/cecit53797.2021.00205

2021-01-01

Abstract:The development of network has brought great convenience to our lives, but the number of network intrusions has also increased sharply at the same time. Intrusion detection system(IDS) is one of the most effective ways to solve this problem. IDS based on machine learning is an important issue of current research. Feature selection is a commonly used method in IDS to improve model accuracy and timeliness. In this paper, we propose a heuristic algorithm SSA-CFS based on SSA and CFS, and build a two-layer classification model based on this algorithm. We conduct experiments on the data set named NSL-KDD to evaluate the performance of the algorithm and IDS, and compare them with other traditional algorithms and models. The experimental results show that the feature selection algorithm and IDS model we proposed have significantly improved the time and detection accuracy.

Yuyang Zhou,Guang Cheng

2019-01-01

Abstract:Intrusion detection system (IDS) is one of extensively used techniques in a network topology to safeguard the integrity and availability of sensitive assets in the protected systems. Although many supervised and unsupervised learning approaches from the field of machine learning have been used to increase the efficacy of IDSs, it is still a problem for existing intrusion detection algorithms to achieve good performance. First, lots of redundant and irrelevant data in high-dimensional datasets interfere with the classification process of an IDS. Second, an individual classifier may not perform well in the detection of each type of attacks. Third, many models are built for stale datasets, making them less adaptable for novel attacks. Thus, we propose a new intrusion detection framework in this paper, and this framework is based on the feature selection and ensemble learning techniques. In the first step, a heuristic algorithm called CFS-BA is proposed for dimensionality reduction, which selects the optimal subset based on the correlation between features. Then, we introduce an ensemble approach that combines C4.5, Random Forest (RF), and Forest by Penalizing Attributes (Forest PA) algorithms. Finally, voting technique is used to combine the probability distributions of the base learners for attack recognition. The experimental results, using NSL-KDD, AWID, and CIC-IDS2017 datasets, reveal that the proposed CFS-BA-Ensemble method is able to exhibit better performance than other related and state of the art approaches under several metrics.

Gulab Sah,Subhasish Banerjee,Sweety Singh

DOI: https://doi.org/10.1007/s10207-022-00616-4

2022-10-08

International Journal of Information Security

Abstract:The intrusion detection system (IDS) plays an important role in extracting and analysing the network traffics to detect aberrant activity. However, emerging technologies, like cloud computing, Internet of Things, etc., generate a large volume of traffics, which may carry the irrelevant attributes that do not have any impact on classification or in detection of assaults. Hence, it's became an open challenge for the researchers to extract the meaningful data from huge amounts of traffic and also to examine whether the selected features could increase IDS performance or not. To solve these issues, features selection approaches (FSA) have been used in this research to remove non-relevant features and find the important ones. Later, the various classifiers have been used to investigate the best classifier which could increase the performance of IDS's detection-engine on the NSL-KDD datasets. However, to validate, the investigated best-performing classifier with the suitable features selection technique (FST) has also been implemented on a real-time dataset, i.e. combined CICIDS2017. The experiment results in this research suggest that the acquired subset of relevant features under the proposed model's (Decision Tree + Recursive Feature Elimination) could increase the IDS performance with average accuracy of 99.21% and 99.94% on the well-known NSL-KDD and CICIDS2017 datasets, respectively, and could also minimize the computation cost, in parallel.

computer science, information systems, theory & methods, software engineering

Reehan Ali Shah,Yuntao Qian,Dileep Kumar,Munwar Ali,Muhammad Bux Alvi

DOI: https://doi.org/10.3390/fi9040081

2017-01-01

Future Internet

Abstract:Intrusion detection system (IDS) is a well-known and effective component of network security that provides transactions upon the network systems with security and safety. Most of earlier research has addressed difficulties such as overfitting, feature redundancy, high-dimensional features and a limited number of training samples but feature selection. We approach the problem of feature selection via sparse logistic regression (SPLR). In this paper, we propose a discriminative feature selection and intrusion classification based on SPLR for IDS. The SPLR is a recently developed technique for data analysis and processing via sparse regularized optimization that selects a small subset from the original feature variables to model the data for the purpose of classification. A linear SPLR model aims to select the discriminative features from the repository of datasets and learns the coefficients of the linear classifier. Compared with the feature selection approaches, like filter (ranking) and wrapper methods that separate the feature selection and classification problems, SPLR can combine feature selection and classification into a unified framework. The experiments in this correspondence demonstrate that the proposed method has better performance than most of the well-known techniques used for intrusion detection.

Guezzaz, Azidine

DOI: https://doi.org/10.1007/s11042-023-14795-2

IF: 2.577

2023-02-19

Multimedia Tools and Applications

Abstract:The Internet of Things (IoT) interconnects billions of sensors and actuators to serve a meaningful purpose. However, it is always vulnerable to various menaces. Thus, IoT security represents a big concern in the research field. Various tools were developed to mitigate these security issues. So, Intrusion detection systems (IDS) have gained much attention in the research community due to their critical role in maintaining network security. In this work, we integrate a network IDS (NIDS) to enhance IoT security. This paper presents a network intrusion detection model for IoT environments using a K-Nearest Neighbors (K-NN) classifier and feature selection. We built the NIDS using the K-NN algorithm to improve the IDS accuracy (ACC) and detection rate (DR). Furthermore, the principal component analysis (PCA), univariate statistical test, and genetic algorithm (GA) are used for feature selection separately to improve the data quality and select the ten best performing features. The performance evaluation of our model is performed on the Bot-IoT dataset. After applying the feature selection, the models have shown promising results regarding ACC, DR, false alarm rate (FAR), and predicting time. Our proposed model provided 99.99% ACC and maintained its superior performance for the ten selected features. Furthermore, we calculated the prediction time, as we consider it critical in building IDS for IoT, and by applying feature selection, we reduced it significantly from 51,182.22 s to under a minute. This novel model presents many advantages and reliable performances compared with previous models relying on the same dataset.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Sridhar Patthi,Sugandha Singh,Ila Chandana Kumari P

DOI: https://doi.org/10.1007/s11042-023-17781-w

IF: 2.577

2024-01-07

Multimedia Tools and Applications

Abstract:The proliferation of wireless networks as a primary data transmission channel has brought about a surge in data volume but also raised security threats and privacy concerns. Intrusion Detection Systems (IDS) have proven effective in safeguarding data transmission, yet they struggle to detect minor or rare attacks that mimic normal traffic. To address this challenge, we propose a novel two-layer classification model integrating K-nearest neighbor (KNN) and support vector machines (SVMs). In the first layer, KNN classifies data into Normal, Major, and Minor Attack categories, while the second layer further distinguishes Major Attacks into DoS or Probe and Minor Attacks into U2R or R2. Our framework incorporates Common Correlated Feature Selection (CCFS) to optimize feature discrimination, partitioning training data into three groups. Furthermore, we explore data preprocessing techniques to enhance data interpretation and maintain statistical normalcy in traffic connection features. Our experimental analysis utilizes the NSL-KDD dataset, demonstrating that our approach significantly improves detection rates, particularly for Minor Attacks, achieving a remarkable 92.33% detection rate for U2R and 91.33% for R2L attacks. This represents a substantial 10% enhancement over existing methods, outperforming Multi-Layer Perceptron (MLP) by 13.23%, Random Forest (RF) by 10.11%, J48- Decision Tree (DT) by 9.23%, and Naïve Bayes (NB) by 9.42% and 8.17% in terms of detection rates. These results underscore the effectiveness of our approach in enhancing intrusion detection performance.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Xin Li,Peng Yi,Wei Wei,Yiming Jiang,Le Tian

DOI: https://doi.org/10.1155/2021/8830431

IF: 1.968

2021-01-06

Security and Communication Networks

Abstract:As an important part of intrusion detection, feature selection plays a significant role in improving the performance of intrusion detection. Krill herd (KH) algorithm is an efficient swarm intelligence algorithm with excellent performance in data mining. To solve the problem of low efficiency and high false positive rate in intrusion detection caused by increasing high-dimensional data, an improved krill swarm algorithm based on linear nearest neighbor lasso step (LNNLS-KH) is proposed for feature selection of network intrusion detection. The number of selected features and classification accuracy are introduced into fitness evaluation function of LNNLS-KH algorithm, and the physical diffusion motion of the krill individuals is transformed by a nonlinear method. Meanwhile, the linear nearest neighbor lasso step optimization is performed on the updated krill herd position in order to derive the global optimal solution. Experiments show that the LNNLS-KH algorithm retains 7 features in NSL-KDD dataset and 10.2 features in CICIDS2017 dataset on average, which effectively eliminates redundant features while ensuring high detection accuracy. Compared with the CMPSO, ACO, KH, and IKH algorithms, it reduces features by 44%, 42.86%, 34.88%, and 24.32% in NSL-KDD dataset, and 57.85%, 52.34%, 27.14%, and 25% in CICIDS2017 dataset, respectively. The classification accuracy increased by 10.03% and 5.39%, and the detection rate increased by 8.63% and 5.45%. Time of intrusion detection decreased by 12.41% and 4.03% on average. Furthermore, LNNLS-KH algorithm quickly jumps out of the local optimal solution and shows good performance in the optimal fitness iteration curve, convergence speed, and false positive rate of detection.

computer science, information systems,telecommunications

Chanchal Suman,Somanath Tripathy,Sriparna Saha

DOI: https://doi.org/10.48550/arXiv.1905.06562

2019-05-16

Neural and Evolutionary Computing

Abstract:Intrusion Detection Systems (IDS) are developed to protect the network by detecting the attack. The current paper proposes an unsupervised feature selection technique for analyzing the network data. The search capability of the non-dominated sorting genetic algorithm (NSGA-II) has been employed for optimizing three different objective functions utilizing different information theoretic measures including mutual information, standard deviation, and information gain to identify mutually exclusive and a high variant subset of features. Finally, the Pareto optimal front of the different optimal feature subsets are obtained and these feature subsets are utilized for developing classification systems using different popular machine learning models like support vector machines, decision trees and k-nearest neighbour (k=5) classifier etc. We have evaluated the results of the algorithm on KDD-99, NSL-KDD and Kyoto 2006+ datasets. The experimental results on KDD-99 dataset show that decision tree provides better results than other available classifiers. The proposed system obtains the best results of 99.78% accuracy, 99.27% detection rate and false alarm rate of 0.2%, which are better than all the previous results for KDD dataset. We achieved an accuracy of 99.83% for 20% testing data of NSL-KDD dataset and 99.65% accuracy for 10-fold cross-validation on Kyoto dataset. The most attractive characteristic of the proposed scheme is that during the selection of appropriate feature subset, no labeled information is utilized and different feature quality measures are optimized simultaneously using the multi-objective optimization framework.

Yi Gong,Yong Fang,Liang Liu,Juan Li

DOI: https://doi.org/10.1109/IIH-MSP.2014.137

2014-01-01

Abstract:Due to the increased connectivity to Internet and corporate network, industrial control system (ICS) is no longer immune to network attacks. Most of these ICSs are not designed with security protection nowadays, so there is an increasing demand of designing protection mechanism in infrastructure of industrial plants. In this paper, we propose multi-agent intrusion detection architecture and a feature selection approach to protect ICS. Multi-agent intrusion detection system (MIDS) architecture is designed for decentralized intrusion detection and prevention control in large switched networks, so it can make intrusion detection system (IDS) efficient and scalable, while the feature detection approach is proposed to improve detection reliability. We chose NSL-KDD as experimental data and had a test on four kinds of attacks (Probe, Dos, U2R and R2L) to evaluate the performance of IDS. Compared with four other common feature selection algorithms (IG, GR, Relief and Chi-Square), the experimental results show that our method can effectively improve True Positive Rate and reduce False Positive Rate of IDS.

Neeraj Kumar,Sanjeev Sharma

DOI: https://doi.org/10.3390/electronics12194050

IF: 2.9

2023-09-27

Electronics

Abstract:With the exponentially evolving trends in technology, IoT networks are vulnerable to serious security issues, allowing intruders to break into networks without authorization and manipulate the data. Their actions can be recognized and avoided by using a system that can detect intrusions. This paper presents a hybrid intelligent system and inverted hour-glass-based layered network classifier for feature selection and classification processes, respectively. To accomplish this task, three different datasets have been utilized in the proposed model for identifying old and new attacks. Moreover, a hybrid optimization feature selection technique has been implemented for selecting only those features that can enhance the accuracy of the detection rate. Finally, the classification is performed by using the inverted hour-glass-based layered network model in which data are up-sampled with the increase in the number of layers for effective training. Data up-sampling is performed when small subset of datapoints are observed for any class, which in turn helps in improving the accuracy of the proposed model. The proposed model demonstrated an accuracy of 99.967%, 99.567%, and 99.726% for NSL-KDD, KDD-CUP99, and UNSW NB15 datasets, respectively, which is significantly better than the traditional CNID model. These results demonstrate that our model can detect different attacks with high accuracy and is expected to show good results for new datasets as well. Additionally, to reduce the computational cost of the proposed model, we have implemented it on CPU-based core i3 processors, which are much cheaper than GPU processors.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yashar Pourardebil Khah,Mirsaeid Hosseini Shirvani,Homayun Motameni

DOI: https://doi.org/10.1007/s11227-024-06677-7

IF: 3.3

2024-12-08

The Journal of Supercomputing

Abstract:This paper presents a hybrid Machine Learning (ML)-based feature selection algorithm to create an Intrusion Detection Systems (IDS) model in distributed computing environments such as in Internet of Things (IoT) requests. IoT applications need frequent network connections to reach either the cloud or fog resources. Since reliability and trust are very prominent attributes in distributed systems, utilizing the ML-based algorithm is vital to efficiently detect malicious/attack behaviors at the earliest time with high accuracy. To address the issue, a hybrid ML-based algorithm is presented that includes four phases. In the first phase, the pre-processing including cleansing and normalization on the relevant dataset is performed. Then, the two next phases, namely heuristic-based and meta-heuristic-based approaches, are passed for the training step. In the second phase, three effective filter-based heuristic feature rankers are utilized to sort features according to their importance. Afterward, the fuzzy TOPSIS approach is also applied to prepare a consensus among them returning top- K features. In the third phase, to optimize the consensus feature subsets, a novel Discrete Gray Wolf Optimization Algorithm (DGWA) as a meta-heuristic approach is designed. It leads to a balance in exploitation and exploration searching areas. The effectiveness of the proposed hybrid model is tested in the fourth phase on the famous NSL-KDD and UNWS-NB15 datasets against some state of the art. The simulation results of running different scenarios prove that the proposed hybrid ML-based model gives an average 10.60%, 15.85%, 3.30%, 4.39%, and 2.03% improvement in testing datasets in terms of accuracy , precision , recall , F-cost , and specificity against other comparative state of the art in the same conditions.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Yang Li,Jun-Li Wang,Zhi-Hong Tian,Tian-Bo Lu,Chen Young

DOI: https://doi.org/10.1016/j.cose.2009.01.001

IF: 5.105

2009-01-01

Computers & Security

Abstract:Intrusion Detection System (IDS) is an important and necessary component in ensuring network security and protecting network resources and network infrastructures. How to build a lightweight IDS is a hot topic in network security. Moreover, feature selection is a classic research topic in data mining and it has attracted much interest from researchers in many fields such as network security, pattern recognition and data mining. In this paper, we effectively introduced feature selection methods to intrusion detection domain. We propose a wrapper-based feature selection algorithm aiming at building lightweight intrusion detection system by using modified random mutation hill climbing (RMHC) as search strategy to specify a candidate subset for evaluation, as well as using modified linear Support Vector Machines (SVMs) iterative procedure as wrapper approach to obtain the optimum feature subset. We verify the effectiveness and the feasibility of our feature selection algorithm by several experiments on KDD Cup 1999 intrusion detection dataset. The experimental results strongly show that our approach is not only able to speed up the process of selecting important features but also to yield high detection rates. Furthermore, our experimental results indicate that intrusion detection system with feature selection algorithm has better performance than that without feature selection algorithm both in detection performance and computational cost.

Bidyapati Thiyam,Shouvik Dey

DOI: https://doi.org/10.1080/1206212X.2023.2223795

2023-06-16

International Journal of Computers and Applications

Abstract:The ever-growing amount of data generated by modern networks poses significant challenges for intrusion detection systems (IDS) in effectively analyzing and classifying security risks. Therefore, it is crucial to identify the most biased characteristics for building efficient and effective IDS algorithms. However, not all features are equally informative or relevant for intrusion detection. In response to these problems, this study proposes a Hybrid approach that uses traditional and advanced statistical techniques. The proposed method effectively validates the features generated from the hybrid model and set-operation theorem to provide the best optimal subset of features for IDS. Various machine learning methods are used to test the proposed model on three popular IDS datasets: NSL-KDD, UNSW NB15, and CIC-DDoS2019. The experimental findings show that the suggested hybrid technique improves IDS performance effectively and efficiently, providing a viable answer to the issues that intrusion detection systems confront.

Gulab Sah,Sweety Singh,Subhasish Banerjee

DOI: https://doi.org/10.23919/jcc.fa.2022-0076.202409

2024-10-01

China Communications

Abstract:The key objective of intrusion detection systems (IDS) is to protect the particular host or network by investigating and predicting the network traffic as an attack or normal. These IDS uses many methods of machine learning (ML) to learn from past-experience attack i.e. signatures based and identify the new ones. Even though these methods are effective, but they have to suffer from large computational costs due to considering all the traffic features, together. Moreover, emerging technologies like the Internet of Things (IoT), big data, etc. are getting advanced day by day; as a result, network traffics are also increasing rapidly. Therefore, the issue of computational cost needs to be addressed properly. Thus, in this research, firstly, the ML methods have been used with the feature selection technique (FST) to reduce the number of features by picking out only the important ones from NSL-KDD, CICIDS2017, and CIC-DDoS2019 datasets later that helped to build IDSs with lower cost but with the higher performance which would be appropriate for vast scale network. The experimental result demonstrated that the proposed model i.e. Decision tree (DT) with Recursive feature elimination (RFE) performs better than other classifiers with RFE in terms of accuracy, specificity, precision, sensitivity, F1-score, and G-means on the investigated datasets.

telecommunications

DOI: https://doi.org/10.1007/s12083-024-01727-6

IF: 3.488

2024-06-09

Peer-to-Peer Networking and Applications

Abstract:Due to the increase in network attacks, maintaining network security is significantly difficult, to overcome security vulnerabilities Intrusion Detection System (IDS) is utilized. IDS is a software application that monitors the network traffic and detects the malicious activity in the network. Network Intrusion Detection System (NIDS) identifies the suspicious behaviour of nodes in the network by analysing the network traffic. Most of the existing IDS suffer from achieving better feature selection with high classification accuracy with reduced false alarm rate. In the proposed system, the Principal Component Analysis (PCA) technique is utilized to reduce the dimensionality of the dataset. Improved Harris Hawks Optimizer (IHHO) is employed for effective feature selection which provides powerful global search capability. For classification, two-staged classifier is proposed which employs Support Vector Machine (SVM) for stage-1 and K-Nearest Neighbors (KNN) for stage-2. The main goal of the proposed system is to combine the advantages of SVM and KNN to enhance classification accuracy with a reduced false alarm rate. The performance of the proposed system is evaluated by using the NSL- KDD dataset and it has achieved an overall classification accuracy of 95.01%, a False alarm rate of 0.01%, and an overall detection rate of 92.01%.

computer science, information systems,telecommunications

Yuyang Zhou,Guang Cheng,Shanqing Jiang,Mian Dai

DOI: https://doi.org/10.1016/j.comnet.2020.107247

IF: 5.493

2020-01-01

Computer Networks

Abstract:Intrusion detection system (IDS) is one of extensively used techniques in a network topology to safeguard the integrity and availability of sensitive assets in the protected systems. Although many supervised and unsupervised learning approaches from the field of machine learning have been used to increase the efficacy of IDSs, it is still a problem for existing intrusion detection algorithms to achieve good performance. First, lots of redundant and irrelevant data in high-dimensional datasets interfere with the classification process of an IDS. Second, an individual classifier may not perform well in the detection of each type of attacks. Third, many models are built for stale datasets, making them less adaptable for novel attacks. Thus, we propose a new intrusion detection framework in this paper, and this framework is based on the feature selection and ensemble learning techniques. In the first step, a heuristic algorithm called CFS-BA is proposed for dimensionality reduction, which selects the optimal subset based on the correlation between features. Then, we introduce an ensemble approach that combines C4.5, Random Forest (RF), and Forest by Penalizing Attributes (Forest PA) algorithms. Finally, voting technique is used to combine the probability distributions of the base learners for attack recognition. The experimental results, using NSL-KDD, AWID, and CIC-IDS2017 datasets, reveal that the proposed CFS-BA-Ensemble method is able to exhibit better performance than other related and state of the art approaches under several metrics.

Yakubu Imrana,Yanping Xiang,Liaqat Ali,Zaharawu Abdul-Rauf,Yu-Chen Hu,Seifedine Kadry,Sangsoon Lim

DOI: https://doi.org/10.3390/s22052018

2022-03-04

Abstract:In a network architecture, an intrusion detection system (IDS) is one of the most commonly used approaches to secure the integrity and availability of critical assets in protected systems. Many existing network intrusion detection systems (NIDS) utilize stand-alone classifier models to classify network traffic as an attack or as normal. Due to the vast data volume, these stand-alone models struggle to reach higher intrusion detection rates with low false alarm rates( FAR). Additionally, irrelevant features in datasets can also increase the running time required to develop a model. However, data can be reduced effectively to an optimal feature set without information loss by employing a dimensionality reduction method, which a classification model then uses for accurate predictions of the various network intrusions. In this study, we propose a novel feature-driven intrusion detection system, namely χ2-BidLSTM, that integrates a χ2 statistical model and bidirectional long short-term memory (BidLSTM). The NSL-KDD dataset is used to train and evaluate the proposed approach. In the first phase, the χ2-BidLSTM system uses a χ2 model to rank all the features, then searches an optimal subset using a forward best search algorithm. In next phase, the optimal set is fed to the BidLSTM model for classification purposes. The experimental results indicate that our proposed χ2-BidLSTM approach achieves a detection accuracy of 95.62% and an F-score of 95.65%, with a low FAR of 2.11% on NSL-KDDTest+. Furthermore, our model obtains an accuracy of 89.55%, an F-score of 89.77%, and an FAR of 2.71% on NSL-KDDTest-21, indicating the superiority of the proposed approach over the standard LSTM method and other existing feature-selection-based NIDS methods.

Shuai Jiang,Xiaolong Xu

DOI: https://doi.org/10.1109/cyberc.2019.00039

2019-01-01

Abstract:The rapid increase of data has led to many security issues. Various new technologies and other sub-disciplines have been introduced into the research of intrusion detection system (IDS), which has become a hot topic in the current field of security. However, IDS utilizing traditional machine learning technology suffers from relatively low detection rate, large computational overhead, and high false positive rate, due to the large amount of redundancy and high correlation of network traffic data. Therefore, we select random forest (RF) to handle the classification of the network traffic data, and try the classic feature selection algorithms Extra-Trees (ET) and Chi-square (CHI) to reduce the detection time and improve the efficiency of IDS. The experimental results based on the NSL-KDD dataset indicate that ET-RF and CHI-RF outstand in accuracy and computational overhead. Meanwhile, RF with ET outperforms that with CHI.

Zhao Yongli,Zhang Yungui,Tong Weiming,Chen Hongzhi

DOI: https://doi.org/10.1109/sns-pcs.2013.6553837

2013-01-01

Abstract:Network Intrusion Detection System (NIDS) plays an important role in providing network security. Efficient NIDS can be developed by defining a proper rule set for classifying network audit data into normal or attack patterns. Generally, each dataset is characterized by a large set of features, but not all features will be relevant or fully contribute identifying an attack. Since different attacks need different subsets to have better detection accuracy, this paper describes an improved feature selection algorithm to identify most appropriate subset of features for a certain attack. The proposed method is based on MAHALANOBIS Distance feature ranking and an improved exhaustive search to choose a better combination of features. We evaluate the approach on the KDD CUP 1999 datasets using SVM classifier and KNN classifier. The results show that classification is done with high classification rate and low misclassification rate with the reduced feature subsets.