A novel feature selection approach for intrusion detection data classification

Mohammed A. Ambusaidi; Xiangjian He; Zhiyuan Tan; Priyadarsi Nanda; Liang Fu Lu; Upasana T. Nagar

doi:10.1109/TrustCom.2014.15

A novel feature selection approach for intrusion detection data classification

Mohammed A. Ambusaidi, Xiangjian He, Zhiyuan Tan, Priyadarsi Nanda, Liang Fu Lu, Upasana T. Nagar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

27 Citations (Scopus)

1606 Downloads (Pure)

Abstract

Intrusion Detection Systems (IDSs) play a significant role in monitoring and analyzing daily activities occurring in computer systems to detect occurrences of security threats. However, the routinely produced analytical data from computer networks are usually of very huge in size. This creates a major challenge to IDSs, which need to examine all features in the data to identify intrusive patterns. The objective of this study is to analyze and select the more discriminate input features for building computationally efficient and effective schemes for an IDS. For this, a hybrid feature selection algorithm in combination with wrapper and filter selection processes is designed in this paper. Two main phases are involved in this algorithm. The upper phase conducts a preliminary search for an optimal subset of features, in which the mutual information between the input features and the output class serves as a determinant criterion. The selected set of features from the previous phase is further refined in the lower phase in a wrapper manner, in which the Least Square Support Vector Machine (LSSVM) is used to guide the selection process and retain optimized set of features. The efficiency and effectiveness of our approach is demonstrated through building an IDS and a fair comparison with other state-of-the-art detection approaches. The experimental results show that our hybrid model is promising in detection compared to the previously reported results.

Original language	English
Title of host publication	13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2014
Publisher	IEEE
Pages	82-89
Number of pages	8
ISBN (Electronic)	978-1-4799-6513-7
ISBN (Print)	978-1-4799-6514-4
DOIs	https://doi.org/10.1109/TrustCom.2014.15
Publication status	Published - 19 Jan 2015
Externally published	Yes
Event	13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications 2014 - Future Internet Technology (FIT) Building, Tsinghua University, Beijing, China Duration: 24 Sept 2014 → 26 Sept 2014 Conference number: 13 http://www.greenorbs.org/TrustCom2014/

Publication series

Name
Publisher	IEEE Computer Society

Conference

Conference	13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications 2014
Abbreviated title	TrustCom 2014
Country/Territory	China
City	Beijing
Period	24/09/14 → 26/09/14
Internet address	http://www.greenorbs.org/TrustCom2014/

Keywords

EWI-25641
SCS-Cybersecurity
IR-93919
Floating search
METIS-309857
Mutual information
Feature Selection
Least square support vector machines
Intrusion Detection

Access to Document

10.1109/TrustCom.2014.15

Ambu-Camera-readyAccepted author version, 339 KB

Cite this

@inproceedings{b821d524ff034e2c960c9e15c1a3d2bf,

title = "A novel feature selection approach for intrusion detection data classification",

abstract = "Intrusion Detection Systems (IDSs) play a significant role in monitoring and analyzing daily activities occurring in computer systems to detect occurrences of security threats. However, the routinely produced analytical data from computer networks are usually of very huge in size. This creates a major challenge to IDSs, which need to examine all features in the data to identify intrusive patterns. The objective of this study is to analyze and select the more discriminate input features for building computationally efficient and effective schemes for an IDS. For this, a hybrid feature selection algorithm in combination with wrapper and filter selection processes is designed in this paper. Two main phases are involved in this algorithm. The upper phase conducts a preliminary search for an optimal subset of features, in which the mutual information between the input features and the output class serves as a determinant criterion. The selected set of features from the previous phase is further refined in the lower phase in a wrapper manner, in which the Least Square Support Vector Machine (LSSVM) is used to guide the selection process and retain optimized set of features. The efficiency and effectiveness of our approach is demonstrated through building an IDS and a fair comparison with other state-of-the-art detection approaches. The experimental results show that our hybrid model is promising in detection compared to the previously reported results.",

keywords = "EWI-25641, SCS-Cybersecurity, IR-93919, Floating search, METIS-309857, Mutual information, Feature Selection, Least square support vector machines, Intrusion Detection",

author = "Ambusaidi, {Mohammed A.} and Xiangjian He and Zhiyuan Tan and Priyadarsi Nanda and Lu, {Liang Fu} and Nagar, {Upasana T.}",

year = "2015",

month = jan,

day = "19",

doi = "10.1109/TrustCom.2014.15",

language = "English",

isbn = "978-1-4799-6514-4",

publisher = "IEEE",

pages = "82--89",

booktitle = "13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2014",

address = "United States",

note = "13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications 2014, TrustCom 2014 ; Conference date: 24-09-2014 Through 26-09-2014",

url = "http://www.greenorbs.org/TrustCom2014/",

}

Ambusaidi, MA, He, X, Tan, Z, Nanda, P, Lu, LF & Nagar, UT 2015, A novel feature selection approach for intrusion detection data classification. in 13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2014. IEEE, pp. 82-89, 13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications 2014, Beijing, China, 24/09/14. https://doi.org/10.1109/TrustCom.2014.15

A novel feature selection approach for intrusion detection data classification. / Ambusaidi, Mohammed A.; He, Xiangjian; Tan, Zhiyuan et al.
13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2014. IEEE, 2015. p. 82-89.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - A novel feature selection approach for intrusion detection data classification

AU - Ambusaidi, Mohammed A.

AU - He, Xiangjian

AU - Tan, Zhiyuan

AU - Nanda, Priyadarsi

AU - Lu, Liang Fu

AU - Nagar, Upasana T.

N1 - Conference code: 13

PY - 2015/1/19

Y1 - 2015/1/19

N2 - Intrusion Detection Systems (IDSs) play a significant role in monitoring and analyzing daily activities occurring in computer systems to detect occurrences of security threats. However, the routinely produced analytical data from computer networks are usually of very huge in size. This creates a major challenge to IDSs, which need to examine all features in the data to identify intrusive patterns. The objective of this study is to analyze and select the more discriminate input features for building computationally efficient and effective schemes for an IDS. For this, a hybrid feature selection algorithm in combination with wrapper and filter selection processes is designed in this paper. Two main phases are involved in this algorithm. The upper phase conducts a preliminary search for an optimal subset of features, in which the mutual information between the input features and the output class serves as a determinant criterion. The selected set of features from the previous phase is further refined in the lower phase in a wrapper manner, in which the Least Square Support Vector Machine (LSSVM) is used to guide the selection process and retain optimized set of features. The efficiency and effectiveness of our approach is demonstrated through building an IDS and a fair comparison with other state-of-the-art detection approaches. The experimental results show that our hybrid model is promising in detection compared to the previously reported results.

AB - Intrusion Detection Systems (IDSs) play a significant role in monitoring and analyzing daily activities occurring in computer systems to detect occurrences of security threats. However, the routinely produced analytical data from computer networks are usually of very huge in size. This creates a major challenge to IDSs, which need to examine all features in the data to identify intrusive patterns. The objective of this study is to analyze and select the more discriminate input features for building computationally efficient and effective schemes for an IDS. For this, a hybrid feature selection algorithm in combination with wrapper and filter selection processes is designed in this paper. Two main phases are involved in this algorithm. The upper phase conducts a preliminary search for an optimal subset of features, in which the mutual information between the input features and the output class serves as a determinant criterion. The selected set of features from the previous phase is further refined in the lower phase in a wrapper manner, in which the Least Square Support Vector Machine (LSSVM) is used to guide the selection process and retain optimized set of features. The efficiency and effectiveness of our approach is demonstrated through building an IDS and a fair comparison with other state-of-the-art detection approaches. The experimental results show that our hybrid model is promising in detection compared to the previously reported results.

KW - EWI-25641

KW - SCS-Cybersecurity

KW - IR-93919

KW - Floating search

KW - METIS-309857

KW - Mutual information

KW - Feature Selection

KW - Least square support vector machines

KW - Intrusion Detection

U2 - 10.1109/TrustCom.2014.15

DO - 10.1109/TrustCom.2014.15

M3 - Conference contribution

SN - 978-1-4799-6514-4

SP - 82

EP - 89

BT - 13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2014

PB - IEEE

T2 - 13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications 2014

Y2 - 24 September 2014 through 26 September 2014

ER -

A novel feature selection approach for intrusion detection data classification

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this