Modeling Network Intrusion Detection System Using Feature Selection and Parameters Optimization

Dong Seong KIM, Jong Sou PARK

IEICE TRANSACTIONS on Information and Systems   Vol.E91-D   No.4   pp.1050-1057
Publication Date: 2008/04/01
Online ISSN: 1745-1361
DOI: 10.1093/ietisy/e91-d.4.1050
Print ISSN: 0916-8532
Type of Manuscript: PAPER
Category: Application Information Security
Keywords: intrusion detection system, genetic algorithm, support vector machines, filter method, random forest, feature selection, parameters optimization, network security

Previous approaches to modeling Intrusion Detection Systems (IDS) have been twofold: improving detection model(s) in terms of (i) feature selection of audit data through wrapper and filter methods and (ii) parameters optimization of the detection model design, based on classification, clustering algorithms, etc. In this paper, we present three approaches to modeling IDS in the context of feature selection and parameters optimization. First, we present Fusion of Genetic Algorithm (GA) and Support Vector Machines (SVM) (FuGAS), which combines GA and SVM through genetic operations and is capable of building an optimal detection model with only the selected important features and optimal parameter values. Second, we present Correlation-based Hybrid Feature Selection (CoHyFS), which utilizes a filter method in conjunction with GA for feature selection in order to reduce the long training time. Third, we present Simultaneous Intrinsic Model Identification (SIMI), which adopts Random Forest (RF) and shows better intrusion detection rates and feature selection results, with no additional computational overhead. We show the experimental results and analysis of the three approaches on the KDD 1999 intrusion detection datasets.