Feature Selection Algorithms in Intrusion Detection System: A Survey

  • MAZA, Sofiane (Department of Computer Science, University of Ferhat Abbas Setif-1)
  • TOUAHRIA, Mohamed (Department of Computer Science, University of Ferhat Abbas Setif-1)
  • Received : 2017.12.18
  • Accepted : 2018.05.05
  • Published : 2018.10.31

Abstract

Given the huge number of connections and the large flow of data on the Internet, Intrusion Detection Systems (IDS) have difficulty detecting attacks. Moreover, irrelevant and redundant features affect the quality of an IDS, specifically its detection rate and processing cost. Feature Selection (FS) is an important technique for enhancing detection performance. Various works have been proposed, but a map for understanding and constructing the state of FS in IDS still needs more investigation. In this paper, we present a survey of feature selection algorithms for intrusion detection systems. We describe the well-known approaches that have been proposed for FS in IDS. Furthermore, we provide a classification with a comparative study of the different contributions according to their techniques and results. We identify a new taxonomy for future trends and existing challenges.

Cited by

  1. Deep learning algorithms for cyber security applications: A survey vol.29, pp.5, 2018, https://doi.org/10.3233/jcs-200095