Conference Paper

Towards a Generic Feature-Selection Measure for Intrusion Detection.

DOI: 10.1109/ICPR.2010.378 Conference: 20th International Conference on Pattern Recognition, ICPR 2010, Istanbul, Turkey, 23-26 August 2010
Source: DBLP


Performance of a pattern recognition system depends strongly on the employed feature-selection method. We perform an in-depth analysis of two main measures used in the filter model: the correlation-feature-selection (CFS) measure and the minimal-redundancy-maximal-relevance (mRMR) measure. We show that these measures can be fused and generalized into a generic feature-selection (GeFS) measure. Further on, we propose a new feature-selection method that ensures globally optimal feature sets. The new approach is based on solving a mixed 0-1 linear programming problem (M01LP) by using the branchand-bound algorithm. In this M01LP problem, the number of constraints and variables is linear (O(n)) in the number n of full set features. In order to evaluate the quality of our GeFS measure, we chose the design of an intrusion detection system (IDS) as a possible application. Experimental results obtained over the KDD Cup '99 test data set for IDS show that the GeFS measure removes 93% of irrelevant and redundant features from the original data set, while keeping or yielding an even better classification accuracy.

Download full-text


Available from: Katrin Franke,
  • Source
    • "The authors establish the effectiveness of their method in terms of efficiency in intrusion detection without compromising the detection rate. An example filter model for feature selection is [62], where the authors fuse correlation-based and minimal redundancy-maximal-relevance measures. They evaluate their method on benchmark intrusion datasets for classification accuracy. "
    [Show abstract] [Hide abstract]
    ABSTRACT: Network anomaly detection is an important and dynamic research area. Many network intrusion detection methods and systems (NIDS) have been proposed in the literature. In this paper, we provide a structured and comprehensive overview of various facets of network anomaly detection so that a researcher can become quickly familiar with every aspect of network anomaly detection. We present attacks normally encountered by network intrusion detection systems. We categorize existing network anomaly detection methods and systems based on the underlying computational techniques used. Within this framework, we briefly describe and compare a large number of network anomaly detection methods and systems. In addition, we also discuss tools that can be used by network defenders and datasets that researchers in network anomaly detection can use. We also highlight research directions in network anomaly detection.
    IEEE Communications Surveys &amp Tutorials 03/2014; 16(1):303-336. DOI:10.1109/SURV.2013.052213.00046 · 6.81 Impact Factor
  • Source

  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Feature extraction is the heart of an object recognition system. In recognition problem, features are utilized to classify one class of object from another. The original data is usually of high dimensionality. The objective of the feature extraction is to classify the object, and further to reduce the dimensionality of the measurement space to a space suitable for the application of object classification techniques. In the feature extraction process, only the salient features necessary for the recognition process are retained such that the classification can be implemented on a vastly reduced feature set. In paper we are going to discuss the feature as well as classification technique used in neural network.
Show more