The effect of destination linked feature selection in real-time network intrusion detection

Abstract

As internet usage rapidly increases in both private and corporate sectors, the study of network intrusion detection is continuously becoming more relevant and has thus been evolving substantially in recent years. One of the most interesting techniques in the network intrusion detection system (NIDS) is the feature selection technique. The ability of NIDS to accurately identify intrusion from the network traffic relies heavily on feature selection, which describes the pattern of the network packets. The objective of this paper is to eliminate unnecessary features from the dataset, namely destination linked features of the network packet, and train a classification model on the remaining features using a k-Nearest Neighbor (k-NN) classifier. Elimination of the insignificant features leads to a simplified problem and may enhance detection rate, which is itself a problem in network intrusion detection system. Furthermore, removal of specifically the destination linked features will allow the trained model to be capable of identifying the attack/intrusion in real-time before it reaches its destination. To evaluate the accuracy of this method, we compare the results of our model trained without destination linked features to the same model trained with features incorporating destination linked features. The results show a similar detection rate for both trained models, but our model has a distinct advantage in that it treats the entire transaction in real-time.