Machine-learning-based feature selection techniques for large-scale network intrusion detection

O. Y. Al-Jarrah; A. Siddiqui; M. Elsalamouny; P. D. Yoo; S. Muhaidat; K. Kim

doi:10.1109/ICDCSW.2014.14

Machine-learning-based feature selection techniques for large-scale network intrusion detection

O. Y. Al-Jarrah, A. Siddiqui, M. Elsalamouny, P. D. Yoo, S. Muhaidat, K. Kim

Electrical Engineering

Department of Industrial and Systems Engineering Korea Advanced Institute of Science and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

78 Scopus citations

Abstract

Nowadays, we see more and more cyber-attacks on major Internet sites and enterprise networks. Intrusion Detection System (IDS) is a critical component of such infrastructure defense mechanism. IDS monitors and analyzes networks' activities for potential intrusions and security attacks. Machine-learning (ML) models have been well accepted for signature-based IDSs due to their learn ability and flexibility. However, the performance of existing IDSs does not seem to be satisfactory due to the rapid evolution of sophisticated cyber threats in recent decades. Moreover, the volumes of data to be analyzed are beyond the ability of commonly used computer software and hardware tools. They are not only large in scale but fast in/out in terms of velocity. In big data IDS, the one must find an efficient way to reduce the size of data dimensions and volumes. In this paper, we propose novel feature selection methods, namely, RF-FSR (Random Forest-Forward Selection Ranking) and RF-BER (Random Forest-Backward Elimination Ranking). The features selected by the proposed methods were tested and compared with three of the most well-known feature sets in the IDS literature. The experimental results showed that the selected features by the proposed methods effectively improved their detection rate and false-positive rate, achieving 99.8% and 0.001% on well-known KDD-99 dataset, respectively.

Original language	British English
Title of host publication	Proceedings 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops, ICDCSW 2014
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	177-181
Number of pages	5
ISBN (Electronic)	9781479941810
DOIs	https://doi.org/10.1109/ICDCSW.2014.14
State	Published - 29 Aug 2014
Event	2014 IEEE 34th International Conference on Distributed Computing Systems Workshops, ICDCSW 2014 - Madrid, Spain Duration: 30 Jun 2014 → 3 Jul 2014

Publication series

Name	Proceedings - International Conference on Distributed Computing Systems
Volume	30-June-2014

Conference

Conference	2014 IEEE 34th International Conference on Distributed Computing Systems Workshops, ICDCSW 2014
Country/Territory	Spain
City	Madrid
Period	30/06/14 → 3/07/14

Keywords

Feature selection
Intrusion detection system
Machine learning
Random forest

Access to Document

10.1109/ICDCSW.2014.14

Cite this

Al-Jarrah, O. Y., Siddiqui, A., Elsalamouny, M., Yoo, P. D., Muhaidat, S., & Kim, K. (2014). Machine-learning-based feature selection techniques for large-scale network intrusion detection. In Proceedings 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops, ICDCSW 2014 (pp. 177-181). Article 6888858 (Proceedings - International Conference on Distributed Computing Systems; Vol. 30-June-2014). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICDCSW.2014.14

Al-Jarrah, O. Y. ; Siddiqui, A. ; Elsalamouny, M. et al. / Machine-learning-based feature selection techniques for large-scale network intrusion detection. Proceedings 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops, ICDCSW 2014. Institute of Electrical and Electronics Engineers Inc., 2014. pp. 177-181 (Proceedings - International Conference on Distributed Computing Systems).

@inproceedings{22d9b8f66d6f4c29b0b82db5d5b7ad77,

title = "Machine-learning-based feature selection techniques for large-scale network intrusion detection",

abstract = "Nowadays, we see more and more cyber-attacks on major Internet sites and enterprise networks. Intrusion Detection System (IDS) is a critical component of such infrastructure defense mechanism. IDS monitors and analyzes networks' activities for potential intrusions and security attacks. Machine-learning (ML) models have been well accepted for signature-based IDSs due to their learn ability and flexibility. However, the performance of existing IDSs does not seem to be satisfactory due to the rapid evolution of sophisticated cyber threats in recent decades. Moreover, the volumes of data to be analyzed are beyond the ability of commonly used computer software and hardware tools. They are not only large in scale but fast in/out in terms of velocity. In big data IDS, the one must find an efficient way to reduce the size of data dimensions and volumes. In this paper, we propose novel feature selection methods, namely, RF-FSR (Random Forest-Forward Selection Ranking) and RF-BER (Random Forest-Backward Elimination Ranking). The features selected by the proposed methods were tested and compared with three of the most well-known feature sets in the IDS literature. The experimental results showed that the selected features by the proposed methods effectively improved their detection rate and false-positive rate, achieving 99.8% and 0.001% on well-known KDD-99 dataset, respectively.",

keywords = "Feature selection, Intrusion detection system, Machine learning, Random forest",

author = "Al-Jarrah, {O. Y.} and A. Siddiqui and M. Elsalamouny and Yoo, {P. D.} and S. Muhaidat and K. Kim",

note = "Publisher Copyright: {\textcopyright} 2014 IEEE.; 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops, ICDCSW 2014 ; Conference date: 30-06-2014 Through 03-07-2014",

year = "2014",

month = aug,

day = "29",

doi = "10.1109/ICDCSW.2014.14",

language = "British English",

series = "Proceedings - International Conference on Distributed Computing Systems",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "177--181",

booktitle = "Proceedings 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops, ICDCSW 2014",

address = "United States",

}

Al-Jarrah, OY, Siddiqui, A, Elsalamouny, M, Yoo, PD, Muhaidat, S & Kim, K 2014, Machine-learning-based feature selection techniques for large-scale network intrusion detection. in Proceedings 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops, ICDCSW 2014., 6888858, Proceedings - International Conference on Distributed Computing Systems, vol. 30-June-2014, Institute of Electrical and Electronics Engineers Inc., pp. 177-181, 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops, ICDCSW 2014, Madrid, Spain, 30/06/14. https://doi.org/10.1109/ICDCSW.2014.14

Machine-learning-based feature selection techniques for large-scale network intrusion detection. / Al-Jarrah, O. Y.; Siddiqui, A.; Elsalamouny, M. et al.
Proceedings 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops, ICDCSW 2014. Institute of Electrical and Electronics Engineers Inc., 2014. p. 177-181 6888858 (Proceedings - International Conference on Distributed Computing Systems; Vol. 30-June-2014).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Machine-learning-based feature selection techniques for large-scale network intrusion detection

AU - Al-Jarrah, O. Y.

AU - Siddiqui, A.

AU - Elsalamouny, M.

AU - Yoo, P. D.

AU - Muhaidat, S.

AU - Kim, K.

PY - 2014/8/29

Y1 - 2014/8/29

N2 - Nowadays, we see more and more cyber-attacks on major Internet sites and enterprise networks. Intrusion Detection System (IDS) is a critical component of such infrastructure defense mechanism. IDS monitors and analyzes networks' activities for potential intrusions and security attacks. Machine-learning (ML) models have been well accepted for signature-based IDSs due to their learn ability and flexibility. However, the performance of existing IDSs does not seem to be satisfactory due to the rapid evolution of sophisticated cyber threats in recent decades. Moreover, the volumes of data to be analyzed are beyond the ability of commonly used computer software and hardware tools. They are not only large in scale but fast in/out in terms of velocity. In big data IDS, the one must find an efficient way to reduce the size of data dimensions and volumes. In this paper, we propose novel feature selection methods, namely, RF-FSR (Random Forest-Forward Selection Ranking) and RF-BER (Random Forest-Backward Elimination Ranking). The features selected by the proposed methods were tested and compared with three of the most well-known feature sets in the IDS literature. The experimental results showed that the selected features by the proposed methods effectively improved their detection rate and false-positive rate, achieving 99.8% and 0.001% on well-known KDD-99 dataset, respectively.

AB - Nowadays, we see more and more cyber-attacks on major Internet sites and enterprise networks. Intrusion Detection System (IDS) is a critical component of such infrastructure defense mechanism. IDS monitors and analyzes networks' activities for potential intrusions and security attacks. Machine-learning (ML) models have been well accepted for signature-based IDSs due to their learn ability and flexibility. However, the performance of existing IDSs does not seem to be satisfactory due to the rapid evolution of sophisticated cyber threats in recent decades. Moreover, the volumes of data to be analyzed are beyond the ability of commonly used computer software and hardware tools. They are not only large in scale but fast in/out in terms of velocity. In big data IDS, the one must find an efficient way to reduce the size of data dimensions and volumes. In this paper, we propose novel feature selection methods, namely, RF-FSR (Random Forest-Forward Selection Ranking) and RF-BER (Random Forest-Backward Elimination Ranking). The features selected by the proposed methods were tested and compared with three of the most well-known feature sets in the IDS literature. The experimental results showed that the selected features by the proposed methods effectively improved their detection rate and false-positive rate, achieving 99.8% and 0.001% on well-known KDD-99 dataset, respectively.

KW - Feature selection

KW - Intrusion detection system

KW - Machine learning

KW - Random forest

UR - http://www.scopus.com/inward/record.url?scp=84988385241&partnerID=8YFLogxK

U2 - 10.1109/ICDCSW.2014.14

DO - 10.1109/ICDCSW.2014.14

M3 - Conference contribution

AN - SCOPUS:84988385241

T3 - Proceedings - International Conference on Distributed Computing Systems

SP - 177

EP - 181

BT - Proceedings 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops, ICDCSW 2014

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops, ICDCSW 2014

Y2 - 30 June 2014 through 3 July 2014

ER -

Al-Jarrah OY, Siddiqui A, Elsalamouny M, Yoo PD, Muhaidat S, Kim K. Machine-learning-based feature selection techniques for large-scale network intrusion detection. In Proceedings 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops, ICDCSW 2014. Institute of Electrical and Electronics Engineers Inc. 2014. p. 177-181. 6888858. (Proceedings - International Conference on Distributed Computing Systems). doi: 10.1109/ICDCSW.2014.14

Machine-learning-based feature selection techniques for large-scale network intrusion detection

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this