Features Selection for Intrusion Detection System Based on DNA Encoding
Intrusion detection systems detect attacks inside computers and networks, where the detection of the attacks must be in fast time and high rate. Various methods proposed achieved high detection rate, this was done either by improving the algorithm or hybridizing with another algorithm. However, they are suffering from the time, especially after the improvement of the algorithm and dealing with large traffic data. On the other hand, past researches have been successfully applied to the DNA sequences detection approaches for intrusion detection system; the achieved detection rate results were very low, on other hand, the processing time was fast. Also, feature selection used to reduce the computation and complexity lead to speed up the system. A new features selection method is proposed based on DNA encoding and on DNA keys positions. The current system has three phases, the first phase, is called pre-processing phase, which is used to extract the keys and their positions, the second phase is training phase; the main goal of this phase is to select features based on the key positions that gained from pre-processing phase, and the third phase is the testing phase, which classified the network traffic records as either normal or attack by using specific features. The performance is calculated based on the detection rate, false alarm rate, accuracy, and also on the time that include both encoding time and matching time. All these results are based on using two or three keys, and it is evaluated by using two datasets, namely, KDD Cup 99, and NSL-KDD. The achieved detection rate, false alarm rate, accuracy, encoding time, and matching time for all corrected KDD Cup records (311,029 records) by using two and three keys are equal to 96.97, 33.67, 91%, 325, 13 s, and 92.74, 7.41, 92.71%, 325 and 20 s, respectively. The results for detection rate, false alarm rate, accuracy, encoding time, and matching time for all NSL-KDD records (22,544 records) by using two and three keys are equal to 89.34, 28.94, 81.46%, 20, 1 s and 82.93, 11.40, 85.37%, 20 and 1 s, respectively. The proposed system is evaluated and compared with previous systems and these comparisons are done based on encoding time and matching time. The outcomes showed that the detection results of the present system are faster than the previous ones.
KeywordsIntrusion detection system DNA encoding Feature selection KDD Cup 99 dataset NSL-KDD dataset
This research was supported by FRGS grant (FRGS/1/2016/ICT02/UKM/02/8), funded by Ministry of Higher Education.
- 1.Mulay SA, Devale PR, Garje GV (2010) Intrusion detection system using support vector machine and decision tree. Int J Comput Appl 3(3):40–43Google Scholar
- 3.Soram R, Khomdram M (2010) Biometric DNA and ECDLP based personal authentication system: a superior posse of security. Int J Comput Sci Netw Secur 10(1):1–9Google Scholar
- 4.John GH, Kohavi R, Pfleger K (1994) Irrelevant features and the subset selection problem. In: Proceeding of the 11th international conference on machine learning, Morgan Kaufmann Publishers, pp 121–129Google Scholar
- 5.Xian J, Peiyu L, Wei G, Xuezhi C (2011) An algorithm application in intrusion forensics based on improved information gain. In: Web Society (SWS), 3rd symposium on date of conference, pp 100–104Google Scholar
- 6.Zhang F, Wang D (2013) An effective feature selection approach for network intrusion detection. In: 2013 IEEE eighth international conference on networking, architecture and storage, Xi’an, China, 17–19 July 2013Google Scholar
- 8.Othman ZA, Abu Bakar A, Etubal I (2010) Improving signature detection classification model using features selection based on customized features. In: 2010 10th International conference on intelligent systems design and applications, pp 1026–1031Google Scholar
- 9.Enache A, Sgarciu V (2015) A feature selection approach implemented with the binary bat algorithm applied for intrusion detection. In: 2015 38th International conference on telecommunications and signal processing (TSP), pp 11–15Google Scholar
- 11.Al-Jarrah OY, Siddiqui A, Elsalamouny M, Yoo PD, Muhaidat S, Kim K (2014) Machine-learning-based feature selection techniques for large-scale network intrusion detection. In: 2014 IEEE 34th international conference on distributed computing systems workshops, pp 177–181Google Scholar
- 12.Gharaee H, Hosseinvand H (2016) A new feature selection IDS based on genetic algorithm and SVM. In: 2016 8th International symposium on telecommunicationsGoogle Scholar
- 13.Ullah I, Mahmoud QH (2017) A filter-based feature selection model for anomaly-based intrusion detection systems. In: 2017 IEEE international conference on big dataGoogle Scholar
- 14.Yusof AR, Udzir NI, Selamat A, Hamdan H, Abdullah M (2017) Adaptive feature selection for denial of services (DoS) attack. In: 2017 IEEE conference on application, information and network securityGoogle Scholar
- 15.Anwer HM, Farouk M, Abdel-Hamid M (2018) A framework for efficient network anomaly intrusion detection with features selection. In: 2018 9th International conference on information and communication systemsGoogle Scholar