Abstract
A good feature selection policy which can choose significant and as less as possible features plays a key role for any successful NIDS. The paper presents a genetic algorithm combined with kNN (k-Nearest Neighbor) for feature weighting. We weight all initial 35 features in the training phase and then select tops of them to implement a NIDS for testing. Many DoS/DDoS attacks are applied to evaluate the system. For known attacks we can get the best 97.42% overall accuracy rate while only the top 19 features are considered; as for unknown attacks, we can get the best 78% overall accuracy rate by top 28 features.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Middlemiss, M.J., Dick, G.: Weighted Feature Extraction using a Genetic Algorithm for Intrusion Detection. In: Proceedings of the Evolutionary Computation, vol. 3, pp. 1669–1675 (2003)
Hofman, A., Horeis, T., Sick, B.: Feature Selection for Intrusion Detection: An Evolutionary Wrapper Approach. In: Proceedings of the IEEE Neural Networks, vol. 2, pp. 1563–1568 (2004)
Sung, A.H., Mukkamala, S.: Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks. In: Proceedings of the IEEE Symposium on Applications and the Internet, pp. 209–216 (2003)
Abbes, T., Bouhoula, A., Rusinowitch, M.: Protocol Analysis in Intrusion Detection Using Decision Tree. In: Proceedings of the IEEE Conference on Information Technology: Coding and Computing, pp. 404–409 (2004)
Lee, C.H., Chung, J.W., Shin, S.W.: Network Intrusion Detection Through Genetic Feature Selection. In: Proceedings of the IEEE Conference on Software Engineering, Artifical Intelligence, Networking, and Parallel/Distributed Computind (SNPD), pp. 109–114 (2006)
The UCI KDD Archive, http://kdd.ics.uci.edu/databases/kddcup99/kddcup.names
Stein, G., Chen, B., Wu, A.S., Hua, K.A.: Decision Tree Classifier f or Network Intrusion Detection With GA-based Feature Selection. In: Proceedings of the ACM Southeast Regional Conference, vol. 2, pp. 136–141 (2005)
Mukkamala, S., Sung, A.H.: Feature ranking and Selection for Intrusion Detection Using Support Vector Machines. In: Proceedings of the Conference on Information and Knowledge Engineering, pp. 503–509 (2002)
DARPA 1999 Intrusion Detection Evaluation, http://www.ll.mit.edu/IST/ideval/data/data_index.html
Holland, J.H.: Adaptation in Natural and Artificial Systems: An Introductory Analysis with Applications to Biology, Control, and Artificial Intelligence. MIT Press, Cambridge (1992)
IP Traffic, http://www.omnicor.com/netest.htm
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Su, MY., Chang, KC., Wei, HF., Lin, CY. (2008). Feature Weighting and Selection for a Real-Time Network Intrusion Detection System Based on GA with KNN. In: Yang, C.C., et al. Intelligence and Security Informatics. ISI 2008. Lecture Notes in Computer Science, vol 5075. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69304-8_20
Download citation
DOI: https://doi.org/10.1007/978-3-540-69304-8_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-69136-5
Online ISBN: 978-3-540-69304-8
eBook Packages: Computer ScienceComputer Science (R0)