C4.5: programs for machine learning
C4.5: programs for machine learning
ACM Transactions on Information and System Security (TISSEC)
SAINT '03 Proceedings of the 2003 Symposium on Applications and the Internet
Pattern Classification (2nd Edition)
Pattern Classification (2nd Edition)
IEEE Transactions on Pattern Analysis and Machine Intelligence
Computational Methods of Feature Selection (Chapman & Hall/Crc Data Mining and Knowledge Discovery Series)
Feature Extraction: Foundations and Applications (Studies in Fuzziness and Soft Computing)
Feature Extraction: Foundations and Applications (Studies in Fuzziness and Soft Computing)
Why machine learning algorithms fail in misuse detection on KDD intrusion detection data set
Intelligent Data Analysis
Survey and taxonomy of feature selection algorithms in intrusion detection system
Inscrypt'06 Proceedings of the Second SKLOIS conference on Information Security and Cryptology
Towards a theory of intrusion detection
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Towards an information-theoretic framework for analyzing intrusion detection systems
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Hi-index | 0.00 |
Feature selection is an important pre-processing step in intrusion detection. Achieving reduction of the number of relevant traffic features without negative effect on classification accuracy is a goal that greatly improves overall effectiveness of an intrusion detection system. A major challenge is to choose appropriate feature-selection methods that can precisely determine the relevance of features to the intrusion detection task and the redundancy between features. Two new feature selection measures suitable for the intrusion detection task have been proposed recently [11,12]: the correlation-feature-selection (CFS) measure and the minimal-redundancy-maximal-relevance (mRMR) measure. In this paper, we validate these feature selection measures by comparing them with various previously known automatic feature-selection algorithms for intrusion detection. The feature-selection algorithms involved in this comparison are the previously known SVM-wrapper, Markovblanket and Classification & Regression Trees (CART) algorithms as well as the recently proposed generic-feature-selection (GeFS) method with 2 instances applicable in intrusion detection: the correlation-featureselection (GeFSCFS) and the minimal-redundancy-maximal-relevance (GeFSmRMR) measures. Experimental results obtained over the KDD CUP'99 data set show that the generic-feature-selection (GeFS) method for intrusion detection outperforms the existing approaches by removing more than 30% of redundant features from the original data set, while keeping or yielding an even better classification accuracy.