Article

Article title EVALUATION OF FEATURE SPACE FOR INTRUSION DETECTION SYSTEM
Authors R.V. Meshcheriakov, I.A. Hodashinsky, E.N. Gusakova
Section SECTION II. SECURITY OF INFORMATION SYSTEMS AND NETWORKS
Month, Year 12, 2013
Index UDC 004.021
DOI
Abstract With the rapid growth of computer networks during the past decade, security has become a crucial issue for computer systems. The detection of attacks against computer networks is becoming a harder problem to solve in the field of network security. Intrusion detection is an essential mechanism to protect computer systems from many attacks. As the transmission of data over the Internet increases, the need to protect connected systems also increases. Therefore, unwanted intrusions take place when the actual software systems are running. In this paper we consider different methods of creating a relevant feature set that are applicable to intrusion detection system development. We suggest using a genetic algorithm and an ant colony algorithm for feature selection. We used the KDD ’99 intrusion detection dataset for experiments. The k-nearest neighbor algorithm (kNN) was used for classifying objects. The optimal number of relevant features is determined with a greedy algorithm. Relevant features are selected with the genetic algorithm and the ant colony algorithm. Classification algorithm parameters are chosen based on experimental results. Genetic algorithm parameters (crossing method, selection method, fitness function) were varied during the experiment. It was found that the genetic algorithm parameters do not influence its results, but do influence its running time. Ant colony algorithm experiments have shown that this algorithm can find groups of relevant features (i.e. features that have a large influence on the classification rate when grouped with other features). Empirical results show that eleven features are enough for classification with an error of less than 5%. Comparison with the results of other studies confirms this.

Keywords Relevant feature; relevance evaluation; intrusion; intrusion detection system; greedy algorithm; genetic algorithm; ant colony algorithm.