A feature selection algorithm that is novel in the context of anomaly-based network intrusion detection is proposed in this paper. The distinguishing factor of the proposed feature selection algorithm is its complete lack of dependency on labelled data, which is rarely available in operational networks. It uses normalized cluster validity indices as an objective function that is optimized over the search space of candidate feature subsets via a genetic algorithm. Feature sets produced by the algorithm are shown to improve the classification performance of an anomaly-based network intrusion detection system over the NSL-KDD dataset. The system approaches the performance attained by using feature sets derived from labelled training data via existing wrapper and filter-based feature selection algorithms.
Reference:
Naidoo, T, Tapamo, J.R and McDonald, A. 2015. Feature selection for anomaly–based network intrusion detection using cluster validity indices. In: SATNAC: Africa – The Future Communications Galaxy, 6-9 September 2015, Arabella Hotel & Spa, Western Cape, South Africa
Naidoo, T., Tapamo, J., & McDonald, A. (2015). Feature selection for anomaly–based network intrusion detection using cluster validity indices. http://hdl.handle.net/10204/8471