| ¡¡ | Chinese Journal of Computers Full Text |
| Title | An Efficient Feature Selection Algorithm Toward Building Lightweight Intrusion Detection System |
| Authors | CHEN You1),2) SHEN Huaª²Wei1),2) LI Yang1),2) CHENG Xueª²Qi1) |
| Address | 1)(Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100080) 2£©(Graduate University of Chinese Academy of Sciences, Beijing 100039) |
| Year | 2007 |
| Issue | No.8(1398¡ª1408) |
| Abstract & Background | Abstract Feature selection is one of the most important problems in network security, pattern recognition and data mining areas. For high dimension data, feature selection not only can improve the accuracy and efficiency of classification, but also discover informative subset. This paper proposes a new feature selection algorithm aiming at building lightweight intrusion detection system (IDS) by (1) using a hybrid strategy of genetic algorithm and tabu search (GATS) as search strategy to specify a candidate subset for evaluation; (2) using modified linear Support Vector Machines (SVMs) iterative procedure as wrapper approach to obtain the optimum feature subset. The authors have examined the feasibility of the feature selection algorithm by conducting several experiments on KDD1999 intrusion detection dataset which was categorized as DOS£¬ PROBE£¬ R2L and U2R. The experimental results show that the approach is able not only to speed up the process of selecting important features but also to guarantee high detection rates. Furthermore, the experiments indicate that intrusion detection system with a combination of feature selection algorithm has better performances than that without feature selection algorithm in terms of building time, testing time and detection rates. keywords feature selection; genetic algorithm; tabu search; linear support vector machines; intrusion detection system background Intrusion detection system (IDS) deals with huge amount of data which contains irrelevant and redundant features causing slow training and testing process, higher resource consumption as well as poor detection rate. Existing studies to build lightweight IDS have proposed two main approaches: parameters optimization of classification algorithms and feature selection of audit data. Feature selection is one of the key topics in IDS. Feature selection involves finding a subset of features to improve prediction accuracy or decrease the size of the structure without significantly decreasing prediction accuracy of the classifier built using only the selected features. Methods for feature selection have been essentially divided into two categories: filter methods and wrapper methods. Wrapper methods generally perform better than filter methods, but they involve some more computational complexity and require more execution time than the filter methods. Some researchers have proposed hybrid feature selection methods which combine wrapper and filter methods. However, the number of selected features is large and the performances of intrusion detection system which based on hybrid feature selection are not perfect. Current research results show that wrapper feature selection algorithm performs better than other two methods, except its computational complexity. Therefore, this paper proposes a novel wrapperª²based feature selection algorithm to build lightweight IDS. The approach is able not only to solve the computational complexity but also to guarantee high detection rates. The researches of this paper are supported in part by the National Basic Research Program(973 Program) of China under grant Noª±2004CB318109 and the National Information Security Project of China under grant Noª±2005C39. The former project is to develop a security analysis of network systems. The latter is to build lightweight IDS. The work in this paper is part of the research on building lightweight IDS, trying to use novel feature selection algorithm toward building lightweight IDS. |