A Comparison of Feature-Selection Methods for Intrusion Detection

  • Conference paper
Computer Network Security (MMM-ACNS 2010)

Abstract

Feature selection is an important pre-processing step in intrusion detection. Reducing the number of relevant traffic features without a negative effect on classification accuracy greatly improves the overall effectiveness of an intrusion detection system. A major challenge is to choose appropriate feature-selection methods that can precisely determine the relevance of features to the intrusion detection task and the redundancy between features. Two new feature-selection measures suitable for the intrusion detection task have been proposed recently [11,12]: the correlation-feature-selection (CFS) measure and the minimal-redundancy-maximal-relevance (mRMR) measure. In this paper, we validate these feature-selection measures by comparing them with various previously known automatic feature-selection algorithms for intrusion detection. The feature-selection algorithms involved in this comparison are the previously known SVM-wrapper, Markov-blanket and Classification & Regression Trees (CART) algorithms, as well as the recently proposed generic-feature-selection (GeFS) method with two instances applicable in intrusion detection: the correlation-feature-selection (GeFS_CFS) and the minimal-redundancy-maximal-relevance (GeFS_mRMR) measures. Experimental results obtained over the KDD CUP’99 data set show that the generic-feature-selection (GeFS) method for intrusion detection outperforms the existing approaches by removing more than 30% of redundant features from the original data set, while keeping or yielding an even better classification accuracy.

References

  1. Hall, M.: Correlation Based Feature Selection for Machine Learning. In: Doctoral dissertation. Department of Computer Science, University of Waikato (1999)

  2. Peng, H., Long, F., Ding, C.: Feature Selection Based on Mutual Information: Criteria of Max-Dependency, Max-Relevance, and Min-Redundancy. IEEE Transactions on Pattern Analysis and Machine Intelligence 27, 1226–1238 (2005)

  3. Weka, the Data Mining Software in Java, http://www.cs.waikato.ac.nz/ml/weka/

  4. Guyon, I., Gunn, S., Nikravesh, M., Zadeh, L.A.: Feature Extraction: Foundations and Applications. Studies in Fuzziness and Soft Computing. Springer, Heidelberg (2006)

  5. Chang, C.T.: On the Polynomial Mixed 0-1 Fractional Programming Problems. European Journal of Operational Research 131, 224–227 (2001)

  6. TOMLAB, The Optimization Environment in MATLAB, http://tomopt.com/

  7. KDD Cup 1999 Data Set (1999), http://www.sigkdd.org/kddcup/index.php?section=1999&method=data

  8. Quinlan, J.R.: C4.5: Programs for Machine Learning. Morgan Kaufmann, San Francisco (1993)

  9. Gu, G., Fogla, P., Dagon, D., Lee, W., Skoric, B.: Towards an Information-Theoretic Framework for Analyzing Intrusion Detection Systems. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 527–546. Springer, Heidelberg (2006)

  10. Crescenzo, G.D., Ghosh, A., Talpade, R.: Towards a Theory of Intrusion Detection. In: Capitani, S., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 267–286. Springer, Heidelberg (2005)

  11. Nguyen, H., Franke, K., Petrović, S.: Improving Effectiveness of Intrusion Detection by Correlation Feature Selection. In: International Conference on Availability, Reliability and Security (ARES), pp. 17–24. IEEE Press, New York (2010)

  12. Nguyen, H., Franke, K., Petrović, S.: Optimizing a Class of Feature Selection Measures. In: NIPS 2009 Workshop on Discrete Optimization in Machine Learning: Submodularity, Sparsity & Polyhedra (DISCML), Vancouver, Canada (2009)

  13. Sung, A.H., Mukkamala, S.: Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks. In: International Symposium on Applications and the Internet (SAINT), pp. 209–217. IEEE Press, Los Alamitos (2003)

  14. Chebrolu, S., Abraham, A., Thomas, J.: Feature Deduction and Ensemble Design of Intrusion Detection Systems. Computers & Security 4, 295–307 (2005)

  15. McHugh, J.: Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory. ACM TISSEC 3, 262–294 (2000)

  16. Sabhnani, M., Serpen, G.: Why Machine Learning Algorithms Fail in Misuse Detection on KDD Intrusion Detection Data Set. Intelligent Data Analysis 8, 403–415 (2004)

  17. Duda, R.O., Hart, P.E., Stork, D.G.: Pattern Classification. John Wiley & Sons, New York (2001)

  18. Chen, Y., Li, Y., Cheng, X.Q., Guo, L.: Survey and Taxonomy of Feature Selection Algorithms in Intrusion Detection System. In: Lipmaa, H., Yung, M., Lin, D. (eds.) Inscrypt 2006. LNCS, vol. 4318, pp. 153–167. Springer, Heidelberg (2006)

  19. Liu, H., Motoda, H.: Computational Methods of Feature Selection. Chapman & Hall/CRC, Boca Raton (2008)

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

Cite this paper

Nguyen, H.T., Petrović, S., Franke, K. (2010). A Comparison of Feature-Selection Methods for Intrusion Detection. In: Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2010. Lecture Notes in Computer Science, vol 6258. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14706-7_19

  • DOI: https://doi.org/10.1007/978-3-642-14706-7_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14705-0

  • Online ISBN: 978-3-642-14706-7

  • eBook Packages: Computer Science, Computer Science (R0)
