 |
International Society of Science and Applied Technologies |
| A Comparison of Feature Selection Strategies for Identifying Malicious Network Sessions | ||||
| Author | Maryam M. Najafabadi
|
|||
| Co-Author(s) | Taghi M. Khoshgoftaar; Amri Napolitano
|
|||
| Abstract | The large quantity of the data flowing through the network routers demands that effective and efficient prediction models be built to identify whether a network traffic record is healthy or malicious. In the recent years machine learning methods have been used for the task of Network Intrusion Detection. The prediction models must process a large number of network data very quickly, and so can’t always make the decision based on all the features of a single network traffic record. Some strategies are necessary to find the most salient elements of each record, so that malicious traffic records can be identified quickly without delaying healthy traffic. It is important to understand which features are most relevant to determining if a network traffic record is malicious and whether a simple model built from these features can be as effective as a model which uses all these features. Feature selection is an important pre-processing step in the detection of network attacks. The goal is to increase the overall effectiveness of an Intrusion detection system by removing irrelevant and redundant features without negatively affecting the classification performance. Although some works have performed feature selection methods on the KDD 99 dataset, there is no comprehensive comparison of different feature selection approaches for the more recent dataset, the Kyoto 2006+. In the present work, we compare four filter-based feature selection methods that are chosen from two categories. Three filter-based feature rankers and one filter-based subset evaluation technique are compared together along with null case which applies no feature selection. We find that among all the feature selection methods Signal to Noise (S2N) gives the best performance results and its performance outperforms the performance of no feature selection approach in all the experiments.
|
|||
| Keywords | Intrusion Detection, Feature selection | |||
| Article #: 21161 | ||||
August 6-8, 2015 - Philadelphia, Pennsylvia, U.S.A. |