Abstract
An intrusion detection (ID) technique classifies the incoming network traffic, represented as a feature vector, into anomalous or normal traffic by a classification method. In practice, it has been observed that the high dimensionality of the feature vector degrades classification performance. To reduce the dimensionality, without compromising the performance, a new hybrid feature selection method has been introduced and its performance is measured on KDD Cup’99 dataset by the classifiers Naïve Bayes and C4.5. Three sets of experiments have been conducted using full feature set, reduced sets of features obtained using four well known feature selection methods as Correlation-based Feature Selection (CFS), Consistency-based Feature Selection (CON), Information Gain (IG), Gain Ratio (GR) and the proposed method on the said dataset and classifiers. In first experiment, classifier Naïve Bayes and C4.5 yielded classification accuracy 97.5 % and 99.8 % respectively. In second set of experiments, the best performance (accuracy) of these classifiers was achieved as 99.1 % and 99.8 % by the method IG. In third experiment, six features are obtained using proposed method and noted the same as 99.4 % and 99.9 %. The proposed hybrid feature selection method outperformed earlier mentioned methods on various metrics.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
P. Mitra et al., Unsupervised feature selection using feature similarity. IEEE Trans. Pattern Anal. Mach. Intell. 24, 301–312 (2002)
W. Wang et al., Towards fast detecting intrusions: using key attributes of network traffic, in The Third International Conference on Internet Monitoring and Protection, 2008, pp. 86–91
Y. Chen et al., Building lightweight intrusion detection system based on principal component analysis and C4.5 algorithm, in ICACT2007, 2007, pp. 2109–2112
J. Park, K.M. Shazzad, D. Kim, Toward modeling lightweight intrusion detection system through correlation-based hybrid feature selection, in Proceedings of Information Security and Cryptology, Lecture Notes in Computer Science, Vol. 3822, 2005, pp. 279–289
D. Kim, H.N. Nguyen, S.Y. Ohn, J. Park, Fusions of GA and SVM for Anomaly detection in intrusion detection system, in Proceedings of 2nd International Symposium on Neural Networks, Lecture Notes in Computer Science, Vol. 3498, 2005, pp. 415–420
K.M. Shazzad, J.S. Park, Optimization of intrusion detection through fast hybrid feature selection, in Proceedings of 6th International Conference on Parallel and Distributed Computing, Applications and Technologies, 2005
A.L. Blum, P. Langley, Selection of relevant features and examples in machine learning. Artif. Intell. 97(1–2), 245–271 (1997)
H. Liu, H. Motoda, Feature Selection for Knowledge Discovery and Data Mining (Kluwer, Boston, 1998)
R. Kohavi, G. John, Wrappers for feature subset selection. Artif. Intell. 97(1–2), 273–324 (1997)
S. Das, Filters, wrappers and a boosting-based hybrid for feature selection, in Proceedings of 18th International Conference on Machine Learning, 2001, pp. 74–81
A. Amrita, P. Ahmed, A study of feature selection methods in intrusion detection system: a survey. Int. J. Comput. Sci. Eng. Info. Technol. Res. (IJCSEITR) 2(3), 1–25 (2012)
M.A. Hall, Correlation-based feature selection for discrete and numeric class machine learning, in Proceedings of 17th International Conference on Machine Learning, 2000, pp. 359–366
M. Dash. H. Liu, Consistency-based search in feature selection. Artif. Intell. 151(1–2), 155–176 (2003). http://dx.doi.org/10.1016/s0004-3702(03)00079-1
T.M. Mitchell, Machine Learning (Mc-Graw-Hill, New York, 1997)
J.R. Quinlan, Induction of decision trees. Mach. Learn. 1(1), 81–106 (1986)
H. Zhang, The optimality of naive Bayes, in The 17th International FLAIRS Conference, Miami Beach, 2004, pp. 17–19
J.R. Quinlan, C4.5: Programs for Machine Learning (Morgan Kaufmann, San Mateo, 1993)
KDD Cup 1999 Intrusion detection dataset. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
S. Mukkamala et al., Intrusion detection using an ensemble of intelligent paradigms. J. Netw. Comput. Appl. 28(2), 167–182 (2005)
Waikato environment for knowledge analysis (weka) version 3.7.9. Available on: http://www.cs.waikato.ac.nz/ml/weka/
U.M. Fayyad, K.B. Irani, Multi-interval discretization of continuous valued attributes for classification learning, in Proceedings of the 13th International Joint Conference on Artificial Intelligence (IJCAI), 1993, pp. 1022–1029
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Amrita, Ahmed, P. (2014). A Hybrid-Based Feature Selection Approach for IDS. In: Meghanathan, N., Nagamalai, D., Rajasekaran, S. (eds) Networks and Communications (NetCom2013). Lecture Notes in Electrical Engineering, vol 284. Springer, Cham. https://doi.org/10.1007/978-3-319-03692-2_16
Download citation
DOI: https://doi.org/10.1007/978-3-319-03692-2_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-03691-5
Online ISBN: 978-3-319-03692-2
eBook Packages: EngineeringEngineering (R0)