Feature Extraction Methods for Intrusion Detection Systems

2013, pp. 1064-1092
Author(s): Hai Thanh Nguyen, Katrin Franke, Slobodan Petrovic

Intrusion Detection Systems (IDSs) have become an important security tool for managing risk and an indispensable part of overall security architecture. An IDS is considered as a pattern recognition system, in which feature extraction is an important pre-processing step. The feature extraction process consists of feature construction and feature selection. The quality of the feature construction and feature selection algorithms is one of the most important factors that affects the effectiveness of an IDS. Achieving reduction of the number of relevant traffic features without negative effect on classification accuracy is a goal that largely improves the overall effectiveness of the IDS. Most of the feature construction as well as feature selection work in intrusion detection practice is still carried out manually by utilizing domain knowledge. For automatic feature construction and feature selection, the filter, wrapper, and embedded methods from machine learning are frequently applied. This chapter provides an overview of various existing feature construction and feature selection methods for intrusion detection systems. A comparison between those feature selection methods is performed in the experimental part.



2021, pp. 102448
Author(s): Zahid Halim, Muhammad Nadeem Yousaf, Muhammad Waqas, Muhammad Suleman, Ghulam Abbas, ...

Author(s): Fu Xiao, Xie Li

Intrusion Detection Systems (IDSs) are widely deployed with the increase of unauthorized activities and attacks. However, they often overload security managers by triggering thousands of alerts per day, and up to 99% of these alerts are false positives (i.e. alerts that are triggered incorrectly by benign events). This makes it extremely difficult for managers to correctly analyze the security state and react to attacks. In this chapter the authors describe a novel system for reducing false positives in intrusion detection, which is called ODARM (an Outlier Detection-Based Alert Reduction Model). Their model is based on a new data mining technique, outlier detection, that needs no labeled training data, no domain knowledge and little human assistance. The main idea of their method is using frequent attribute values mined from historical alerts as the features of false positives, and then filtering false alerts by the score calculated based on these features. In order to filter alerts in real time, they also design a two-phase framework that consists of the learning phase and the online filtering phase. They have now finished the prototype implementation of their model. Through experiments on DARPA 2000, they have proved that their model can effectively reduce false positives in IDS alerts. On a real-world dataset, their model has an even higher reduction rate.


2016, Vol 66 (6), pp. 612
Author(s): M.R. Gauthama Raman, K. Kannan, S.K. Pal, V. S. Shankar Sriram

Immense growth in network-based services has resulted in an upsurge of internet users, security threats and cyber-attacks. Intrusion detection systems (IDSs) have become an essential component of any network architecture, in order to secure an IT infrastructure from the malicious activities of intruders. An efficient IDS should be able to detect, identify and track the malicious attempts made by intruders. With many IDSs available in the literature, the most common challenge due to voluminous network traffic patterns is the curse of dimensionality. This scenario emphasizes the importance of a feature selection algorithm, which can identify the relevant features and ignore the rest without any information loss. In this paper, a novel rough set κ-Helly property technique (RSKHT) feature selection algorithm has been proposed to identify the key features for network IDSs. Experiments carried out using the benchmark KDD cup 1999 dataset were found to be promising when compared with the existing feature selection algorithms with respect to reduct size, classifier’s performance and time complexity. RSKHT was found to be computationally attractive and flexible for massive datasets.


2020, Vol 7 (1)
Author(s): Sydney M. Kasongo, Yanxia Sun

Computer networks intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are critical aspects that contribute to the success of an organization. Over the past years, IDSs and IPSs using different approaches have been developed and implemented to ensure that computer networks within enterprises are secure, reliable and available. In this paper, we focus on IDSs that are built using machine learning (ML) techniques. IDSs based on ML methods are effective and accurate in detecting network attacks. However, the performance of these systems decreases for high dimensional data spaces. Therefore, it is crucial to implement an appropriate feature extraction method that can prune some of the features that do not possess a great impact in the classification process. Moreover, many of the ML based IDSs suffer from an increase in false positive rate and a low detection accuracy when the models are trained on highly imbalanced datasets. In this paper, we present an analysis of the UNSW-NB15 intrusion detection dataset that will be used for training and testing our models. Moreover, we apply a filter-based feature reduction technique using the XGBoost algorithm. We then implement the following ML approaches using the reduced feature space: Support Vector Machine (SVM), k-Nearest-Neighbour (kNN), Logistic Regression (LR), Artificial Neural Network (ANN) and Decision Tree (DT). In our experiments, we considered both the binary and multiclass classification configurations. The results demonstrated that the XGBoost-based feature selection method allows for methods such as the DT to increase its test accuracy from 88.13 to 90.85% for the binary classification scheme.

