A comparison of feature-selection methods for intrusion detection

  • Authors:
  • Hai Thanh Nguyen; Slobodan Petrović; Katrin Franke

  • Affiliations:
  • Norwegian Information Security Laboratory, Gjøvik University College, Norway (all authors)

  • Venue:
  • MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
  • Year:
  • 2010


Abstract

Feature selection is an important pre-processing step in intrusion detection. Reducing the number of traffic features without degrading classification accuracy greatly improves the overall effectiveness of an intrusion detection system. A major challenge is to choose feature-selection methods that can precisely determine both the relevance of features to the intrusion detection task and the redundancy between features. Two new feature-selection measures suitable for the intrusion detection task have been proposed recently [11,12]: the correlation-feature-selection (CFS) measure and the minimal-redundancy-maximal-relevance (mRMR) measure. In this paper, we validate these feature-selection measures by comparing them with various previously known automatic feature-selection algorithms for intrusion detection. The feature-selection algorithms involved in this comparison are the previously known SVM-wrapper, Markov-blanket and Classification & Regression Trees (CART) algorithms, as well as the recently proposed generic-feature-selection (GeFS) method with two instances applicable to intrusion detection: the correlation-feature-selection (GeFSCFS) and the minimal-redundancy-maximal-relevance (GeFSmRMR) measures. Experimental results obtained on the KDD CUP'99 data set show that the generic-feature-selection (GeFS) method for intrusion detection outperforms the existing approaches by removing more than 30% of redundant features from the original data set, while maintaining or even improving classification accuracy.
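To make the mRMR criterion mentioned in the abstract concrete, the following is a minimal, hedged sketch of a greedy mRMR-style selection on discrete features: each step picks the feature whose mutual information with the class labels (relevance) minus its average mutual information with already-selected features (redundancy) is largest. The toy data set and all function names are illustrative assumptions, not the paper's actual implementation or the KDD CUP'99 data.

```python
# Illustrative sketch only: greedy mRMR-style feature selection on
# discrete data, using plain mutual information from the stdlib.
import math
from collections import Counter

def mutual_information(xs, ys):
    """Discrete mutual information I(X;Y) in nats."""
    n = len(xs)
    px, py, pxy = Counter(xs), Counter(ys), Counter(zip(xs, ys))
    return sum((c / n) * math.log((c / n) / ((px[x] / n) * (py[y] / n)))
               for (x, y), c in pxy.items())

def mrmr_select(features, labels, k):
    """Greedily pick k feature indices, each maximizing relevance to the
    labels minus average redundancy with already-selected features."""
    selected, remaining = [], list(range(len(features)))
    while len(selected) < k and remaining:
        def score(j):
            relevance = mutual_information(features[j], labels)
            redundancy = (sum(mutual_information(features[j], features[s])
                              for s in selected) / len(selected)
                          if selected else 0.0)
            return relevance - redundancy
        best = max(remaining, key=score)
        selected.append(best)
        remaining.remove(best)
    return selected

# Toy traffic-like data (hypothetical): feature 0 matches the labels,
# feature 1 is a redundant copy, feature 2 is independent noise.
labels = [0, 0, 0, 0, 1, 1, 1, 1]
features = [
    [0, 0, 0, 0, 1, 1, 1, 1],  # relevant
    [0, 0, 0, 0, 1, 1, 1, 1],  # redundant duplicate
    [0, 1, 0, 1, 0, 1, 0, 1],  # noise
]
print(mrmr_select(features, labels, 1))  # the relevant feature ranks first
```

In this sketch the relevant feature is chosen before its redundant duplicate, which is the behavior the mRMR criterion is designed to enforce; the paper's GeFS formulation solves the selection globally rather than greedily.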