“…Therefore, the choice of attributes directly affects the effect of clustering, so we must select a set that can distinguish normal and abnormal behavior efficiently. In this paper, we use a feature selection method to select the attributes of clustering [11]. Table 1 lists the 12 feature attributes selected for each object and their corresponding weights.…”
Abstract. A clustering model identification method based on the statistics has been proposed to improve the ability to detect scale anomaly behavior of the traditional anomaly detection technology. By analyzing the distribution of the distance between each clustering objects and clustering center to identify anomaly behavior. It ensures scale abnormal behavior identification while keeping the processing mechanism of the traditional anomaly detection technology for isolation, and breaking through the limitation of the traditional anomaly detection method assumes that abnormal data is the isolation. In order to improve the precision of clustering, we correct the Euclidean distance with the entropy value method to weight the attribute of the data, it optimizes the similarity evaluating electric of the nearest neighbor clustering algorithm, and simulated. Experimental results show that the statistical method and the improved clustering method is more efficient and self-adaptive.
“…As performance metrics, the Detection Rates (DRs), Accuracy, and False Alarm Rate (FAR), which are commonly used in IDS related papers [2], [7], [8], [37], are calculated. (14), (15), and (16) describe the DR, FAR, and Accuracy, respectively.…”
Section: Evaluation Criteria (mentioning)
confidence: 99%
“…Traditionally, intrusion detection methods fall into two main categories according to their method of detection [1], [2]. These categories are signature-based detection (also known as knowledge-based detection or misuse detection) and anomaly-based detection (also known as behavior-based detection).…”
Section: Introduction (mentioning)
confidence: 99%
“…Therefore, FS methods have been widely used in artificial intelligence and machine learning, particularly when dealing with huge datasets [3]. FS also has become widespread in IDS [2], [4]-[9].…”
SUMMARY: With the increase of network components connected to the Internet, the need to ensure secure connectivity is becoming increasingly vital. Intrusion Detection Systems (IDSs) are one of the common security components that identify security violations. This paper proposes a novel multilevel hybrid classifier that uses different feature sets on each classifier. It presents the Discernibility Function based Feature Selection method and two classifiers involving multilayer perceptron (MLP) and decision tree (C4.5). Experiments are conducted on the KDD'99 Cup and ISCX datasets, and the proposal demonstrates better performance than individual classifiers and other proposed hybrid classifiers. The proposed method provides significant improvement in the detection rates of attack classes and Cost Per Example (CPE) which was the primary evaluation method in the KDD'99
“…Research on developing innovative, hybrid or ensemble based classifiers [1]-[4], feature selection techniques [5]-[8], and on the training dataset. Research on dataset is minimal.…”
Abstract: This paper presents the analysis of the effect of clustering the training data and test data in classification efficiency of Naive Bayes classifier. KDD cup 99 benchmark dataset is used in this research. The training set is clustered using k means clustering algorithm into 5 clusters. Then 8800 samples are taken from the clusters to form the training and test set. The results are compared with that of two Naive Bayes classifiers trained on random sampled data containing 8800 and 17600 instances respectively. The main contribution of this paper is that it is empirically proved that the training set derived from clusters generated by k-means clustering algorithm improves the classification efficiency of the Naive Bayes classifier. The results show the accuracy of the Naive Bayes classifier trained with clustered instances is 94.4% while that of normal instances are 85.41% and 89.26%.