Hybrid Ensemble Techniques used for Classifier and Feature selection in Intrusion Detection Systems

Intrusion Detection Systems (IDSs) have become an important security tool for managing risk and an indispensable part of overall security architecture. An IDS is considered as a pattern recognition system, in which feature extraction is an important pre-processing step. The feature extraction process consists of feature construction and feature selection . The quality of the feature construction and feature selection algorithms is one of the most important factors that affects the effectiveness of an IDS. Achieving reduction of the number of relevant traffic features without negative effect on classification accuracy is a goal that largely improves the overall effectiveness of the IDS. Most of the feature construction as well as feature selection works in intrusion detection practice is still carried through manually by utilizing domain knowledge. For automatic feature construction and feature selection, the filter, wrapper, and embedded methods from machine learning are frequently applied. This chapter provides an overview of various existing feature construction and feature selection methods for intrusion detection systems. A comparison between those feature selection methods is performed in the experimental part.

Download Full-text

Rough Set-hypergraph-based Feature Selection Approach for Intrusion Detection Systems

Defence Science Journal ◽

10.14429/dsj.66.10802 ◽

2016 ◽

Vol 66 (6) ◽

pp. 612 ◽

Cited By ~ 14

Author(s):

M.R. Gauthama Raman ◽

K. Kannan ◽

S.K. Pal ◽

V. S. Shankar Sriram

Keyword(s):

Feature Selection ◽

Intrusion Detection ◽

Rough Set ◽

Network Architecture ◽

Cyber Attacks ◽

Intrusion Detection Systems ◽

Selection Algorithm ◽

Feature Selection Algorithm ◽

Detection Systems ◽

Helly Property

Immense growth in network-based services had resulted in the upsurge of internet users, security threats and cyber-attacks. Intrusion detection systems (IDSs) have become an essential component of any network architecture, in order to secure an IT infrastructure from the malicious activities of the intruders. An efficient IDS should be able to detect, identify and track the malicious attempts made by the intruders. With many IDSs available in the literature, the most common challenge due to voluminous network traffic patterns is the curse of dimensionality. This scenario emphasizes the importance of feature selection algorithm, which can identify the relevant features and ignore the rest without any information loss. In this paper, a novel rough set κ-Helly property technique (RSKHT) feature selection algorithm had been proposed to identify the key features for network IDSs. Experiments carried using benchmark KDD cup 1999 dataset were found to be promising, when compared with the existing feature selection algorithms with respect to reduct size, classifier’s performance and time complexity. RSKHT was found to be computationally attractive and flexible for massive datasets.

Download Full-text

Hybrid feature selection for supporting lightweight intrusion detection systems

Journal of Physics Conference Series ◽

10.1088/1742-6596/887/1/012031 ◽

2017 ◽

Vol 887 ◽

pp. 012031 ◽

Cited By ~ 1

Author(s):

Jianglong Song ◽

Wentao Zhao ◽

Qiang Liu ◽

Xin Wang

Keyword(s):

Feature Selection ◽

Intrusion Detection ◽

Intrusion Detection Systems ◽

Detection Systems ◽

Selection For

Download Full-text

Features vs. Attacks: A Comprehensive Feature Selection Model for Network Based Intrusion Detection Systems

Lecture Notes in Computer Science - Information Security ◽

10.1007/978-3-540-75496-1_2 ◽

2007 ◽

pp. 19-36 ◽

Cited By ~ 4

Author(s):

Iosif-Viorel Onut ◽

Ali A. Ghorbani

Keyword(s):

Feature Selection ◽

Intrusion Detection ◽

Selection Model ◽

Intrusion Detection Systems ◽

Detection Systems

Download Full-text

Performance Analysis of Intrusion Detection Systems Using a Feature Selection Method on the UNSW-NB15 Dataset

Journal Of Big Data ◽

10.1186/s40537-020-00379-6 ◽

2020 ◽

Vol 7 (1) ◽

Author(s):

Sydney M. Kasongo ◽

Yanxia Sun

Keyword(s):

Feature Selection ◽

Intrusion Detection ◽

Computer Networks ◽

Feature Selection Method ◽

Selection Method ◽

Feature Reduction ◽

Intrusion Detection Systems ◽

Support Vector ◽

Test Accuracy ◽

Detection Systems

AbstractComputer networks intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are critical aspects that contribute to the success of an organization. Over the past years, IDSs and IPSs using different approaches have been developed and implemented to ensure that computer networks within enterprises are secure, reliable and available. In this paper, we focus on IDSs that are built using machine learning (ML) techniques. IDSs based on ML methods are effective and accurate in detecting networks attacks. However, the performance of these systems decreases for high dimensional data spaces. Therefore, it is crucial to implement an appropriate feature extraction method that can prune some of the features that do not possess a great impact in the classification process. Moreover, many of the ML based IDSs suffer from an increase in false positive rate and a low detection accuracy when the models are trained on highly imbalanced datasets. In this paper, we present an analysis the UNSW-NB15 intrusion detection dataset that will be used for training and testing our models. Moreover, we apply a filter-based feature reduction technique using the XGBoost algorithm. We then implement the following ML approaches using the reduced feature space: Support Vector Machine (SVM), k-Nearest-Neighbour (kNN), Logistic Regression (LR), Artificial Neural Network (ANN) and Decision Tree (DT). In our experiments, we considered both the binary and multiclass classification configurations. The results demonstrated that the XGBoost-based feature selection method allows for methods such as the DT to increase its test accuracy from 88.13 to 90.85% for the binary classification scheme.

Download Full-text