Mzila, PDube, E2013-08-212013-08-212013-07Mzila, P and Dube, E. 2013. The effect of destination linked feature selection in real-time network intrusion detection. In: ICIMP 2013 : 8th International Conference on Internet Monitoring and Protection, Rome, Italy, 23-28 June 2013http://www.thinkmind.org/index.php?view=article&articleid=icimp_2013_1_20_30012http://hdl.handle.net/10204/6949ICIMP 2013 : 8th International Conference on Internet Monitoring and Protection, Rome, Italy, 23-28 June 2013As internet usage rapidly increases in both private and corporate sectors, the study of network intrusion detection is continuously becoming more relevant and has thus been evolving substantially in recent years. One of the most interesting techniques in the network intrusion detection system (NIDS) is the feature selection technique. The ability of NIDS to accurately identify intrusion from the network traffic relies heavily on feature selection, which describes the pattern of the network packets. The objective of this paper is to eliminate unnecessary features from the dataset, namely destination linked features of the network packet, and train a classification model on the remaining features using a k-Nearest Neighbor (k-NN) classifier. Elimination of the insignificant features leads to a simplified problem and may enhance detection rate, which is itself a problem in network intrusion detection system. Furthermore, removal of specifically the destination linked features will allow the trained model to be capable of identifying the attack/intrusion in real-time before it reaches its destination. To evaluate the accuracy of this method, we compare the results of our model trained without destination linked features to the same model trained with features incorporating destination linked features. The results show a similar detection rate for both trained models, but our model has a distinct advantage in that it treats the entire transaction in real-time.enNetwork intrusion detection systemNIDSFeature selectionPattern recognitionData mining intrusion detectionConference PresentationMzila, P., & Dube, E. (2013). The effect of destination linked feature selection in real-time network intrusion detection. Think Mind 2013. http://hdl.handle.net/10204/6949Mzila, P, and E Dube. "The effect of destination linked feature selection in real-time network intrusion detection." (2013): http://hdl.handle.net/10204/6949Mzila P, Dube E, The effect of destination linked feature selection in real-time network intrusion detection; Think Mind 2013; 2013. http://hdl.handle.net/10204/6949 .TY - Conference Presentation AU - Mzila, P AU - Dube, E AB - As internet usage rapidly increases in both private and corporate sectors, the study of network intrusion detection is continuously becoming more relevant and has thus been evolving substantially in recent years. One of the most interesting techniques in the network intrusion detection system (NIDS) is the feature selection technique. The ability of NIDS to accurately identify intrusion from the network traffic relies heavily on feature selection, which describes the pattern of the network packets. The objective of this paper is to eliminate unnecessary features from the dataset, namely destination linked features of the network packet, and train a classification model on the remaining features using a k-Nearest Neighbor (k-NN) classifier. Elimination of the insignificant features leads to a simplified problem and may enhance detection rate, which is itself a problem in network intrusion detection system. Furthermore, removal of specifically the destination linked features will allow the trained model to be capable of identifying the attack/intrusion in real-time before it reaches its destination. To evaluate the accuracy of this method, we compare the results of our model trained without destination linked features to the same model trained with features incorporating destination linked features. The results show a similar detection rate for both trained models, but our model has a distinct advantage in that it treats the entire transaction in real-time. DA - 2013-07 DB - ResearchSpace DP - CSIR KW - Network intrusion detection system KW - NIDS KW - Feature selection KW - Pattern recognition KW - Data mining intrusion detection LK - https://researchspace.csir.co.za PY - 2013 T1 - The effect of destination linked feature selection in real-time network intrusion detection TI - The effect of destination linked feature selection in real-time network intrusion detection UR - http://hdl.handle.net/10204/6949 ER -