Mutual information-based feature selection for intrusion detection systems

Authors:
Fatemeh Amiri;MohammadMahdi Rezaei Yousefi;Caro Lucas;Azadeh Shakery;Nasser Yazdani
Affiliations:
Center of Excellence, Control and Intelligent Processing, School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran;Center of Excellence, Control and Intelligent Processing, School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran;Center of Excellence, Control and Intelligent Processing, School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran;School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran;School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran
Venue:
Journal of Network and Computer Applications
Year:
2011

Citing 24
Cited 4

Feature Selection: Evaluation, Application, and Small Sample Performance

IEEE Transactions on Pattern Analysis and Machine Intelligence
Least Squares Support Vector Machine Classifiers

Neural Processing Letters
The 1999 DARPA off-line intrusion detection evaluation

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
ADAM: a testbed for exploring the use of data mining in intrusion detection

ACM SIGMOD Record
Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks

SAINT '03 Proceedings of the 2003 Symposium on Applications and the Internet
Winning the KDD99 classification cup: bagged boosting

ACM SIGKDD Explorations Newsletter
KDD-99 classifier learning contest LLSoft's results overview

ACM SIGKDD Explorations Newsletter
A Neural Network Component for an Intrusion Detection System

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Classifying large data sets using SVMs with hierarchical clusters

Proceedings of the ninth ACM SIGKDD international conference on Knowledge discovery and data mining
An artificial immune based intrusion detection model for computer and telecommunication systems

Parallel Computing - Special issue: Parallel and nature-inspired computational paradigms and applications
Fast Binary Feature Selection with Conditional Mutual Information

The Journal of Machine Learning Research
Intrusion detection using an ensemble of intelligent paradigms

Journal of Network and Computer Applications - Special issue on computational intelligence on the internet
Feature Selection Based on Mutual Information: Criteria of Max-Dependency, Max-Relevance, and Min-Redundancy

IEEE Transactions on Pattern Analysis and Machine Intelligence
Anomaly Detection Based Intrusion Detection

ITNG '06 Proceedings of the Third International Conference on Information Technology: New Generations
Modeling Intrusion Detection System by Discovering Association Rule in Rough Set Theory Framework

CIMCA '06 Proceedings of the International Conference on Computational Inteligence for Modelling Control and Automation and International Conference on Intelligent Agents Web Technologies and International Commerce
Anomaly-Based Intrusion Detection using Fuzzy Rough Clustering

ICHIT '06 Proceedings of the 2006 International Conference on Hybrid Information Technology - Volume 01
Intrusion detection using a fuzzy genetics-based learning algorithm

Journal of Network and Computer Applications - Special issue: Network and information security: A computational intelligence approach
A new approach to intrusion detection based on an evolutionary soft computing model using neuro-fuzzy classifiers

Computer Communications
A new intrusion detection system using support vector machines and hierarchical clustering

The VLDB Journal — The International Journal on Very Large Data Bases
Review: The use of computational intelligence in intrusion detection systems: A review

Applied Soft Computing
Application of online-training SVMs for real-time intrusion detection with different considerations

Computer Communications
On the versatility of radial basis function neural networks: A case study in the field of intrusion detection

Information Sciences: an International Journal
Incorporating soft computing techniques into a probabilistic intrusion detection system

IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
Using mutual information for selecting features in supervised neural net learning

IEEE Transactions on Neural Networks

Feature evaluation and selection with cooperative game theory

Pattern Recognition
An effective unsupervised network anomaly detection method

Proceedings of the International Conference on Advances in Computing, Communications and Informatics
A DDoS attack detection mechanism based on protocol specific traffic features

Proceedings of the Second International Conference on Computational Science, Engineering and Information Technology
D0M-WLAN: a traffic analysis based approach for detecting malicious activities on wireless networks

Proceedings of the 6th International Conference on Security of Information and Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

As the network-based technologies become omnipresent, threat detection and prevention for these systems become increasingly important. One of the effective ways to achieve higher security is to use intrusion detection systems, which are software tools used to detect abnormal activities in the computer or network. One technical challenge in intrusion detection systems is the curse of high dimensionality. To overcome this problem, we propose a feature selection phase, which can be generally implemented in any intrusion detection system. In this work, we propose two feature selection algorithms and study the performance of using these algorithms compared to a mutual information-based feature selection method. These feature selection algorithms require the use of a feature goodness measure. We investigate using both a linear and a non-linear measure-linear correlation coefficient and mutual information, for the feature selection. Further, we introduce an intrusion detection system that uses an improved machine learning based method, Least Squares Support Vector Machine. Experiments on KDD Cup 99 data set address that our proposed mutual information-based feature selection method results in detecting intrusions with higher accuracy, especially for remote to login (R2L) and user to remote (U2R) attacks.