Feature selection for anomaly–based network intrusion detection using cluster validity indices

Naidoo, TTapamo, JRMcDonald, Andre M2016-03-152016-03-152015-09Naidoo, T, Tapamo, J.R and McDonald, A. 2015. Feature selection for anomaly–based network intrusion detection using cluster validity indices. In: SATNAC: Africa – The Future Communications Galaxy, 6-9 September 2015, Arabella Hotel & Spa, Western Cape, South Africahttp://hdl.handle.net/10204/8471SATNAC: Africa – The Future Communications Galaxy, 6-9 September 2015, Arabella Hotel & Spa, Western Cape, South AfricaA feature selection algorithm that is novel in the context of anomaly–based network intrusion detection is proposed in this paper. The distinguishing factor of the proposed feature selection algorithm is its complete lack of dependency on labelled data, which is rarely available in operational networks. It uses normalized cluster validity indices as an objective function that is optimized over the search space of candidate feature subsets via a genetic algorithm. Feature sets produced by the algorithm are shown to improve the classification performance of an anomaly–based network intrusion detection system over the NSL-KDD dataset. The system approaches the performance attained by using feature sets derived from labelled training data via existing wrapper and filter–based feature selection algorithms.enNetwork intrusion detectionAnomaly detectionFeature selectionKDD datasetNSL-KDD datasetFeature selection for anomaly–based network intrusion detection using cluster validity indicesConference PresentationNaidoo, T., Tapamo, J., & McDonald, A. (2015). Feature selection for anomaly–based network intrusion detection using cluster validity indices. http://hdl.handle.net/10204/8471Naidoo, T, JR Tapamo, and A McDonald. "Feature selection for anomaly–based network intrusion detection using cluster validity indices." (2015): http://hdl.handle.net/10204/8471Naidoo T, Tapamo J, McDonald A, Feature selection for anomaly–based network intrusion detection using cluster validity indices; 2015. http://hdl.handle.net/10204/8471 .TY - Conference Presentation AU - Naidoo, T AU - Tapamo, JR AU - McDonald, A AB - A feature selection algorithm that is novel in the context of anomaly–based network intrusion detection is proposed in this paper. The distinguishing factor of the proposed feature selection algorithm is its complete lack of dependency on labelled data, which is rarely available in operational networks. It uses normalized cluster validity indices as an objective function that is optimized over the search space of candidate feature subsets via a genetic algorithm. Feature sets produced by the algorithm are shown to improve the classification performance of an anomaly–based network intrusion detection system over the NSL-KDD dataset. The system approaches the performance attained by using feature sets derived from labelled training data via existing wrapper and filter–based feature selection algorithms. DA - 2015-09 DB - ResearchSpace DP - CSIR KW - Network intrusion detection KW - Anomaly detection KW - Feature selection KW - KDD dataset KW - NSL-KDD dataset LK - https://researchspace.csir.co.za PY - 2015 T1 - Feature selection for anomaly–based network intrusion detection using cluster validity indices TI - Feature selection for anomaly–based network intrusion detection using cluster validity indices UR - http://hdl.handle.net/10204/8471 ER -