CorrCorr: A feature selection method for multivariate correlation network anomaly detection techniques

Recent research on network intrusion detection has focused on correlation-based techniques, which allow one to adapt to continuously changing environments such as the Internet of Things. Despite it being common practice for network intrusion detection to utilise feature selection techniques to enhance performance, correlation-based techniques have rarely been applied to them. This is mainly due the fact that traditional feature selection methods are not tailored to multivariate correlation techniques and new methods are required. To address this gap, we are introducing CorrCorr, a feature selection method for multivariate correlation-based network anomaly detection systems. Evaluated on the UNSW-NB15 and NSL-KDD intrusion detection dataset, CorrCorr consistently outperformed the original features as well as features selected with a Principal Component Analysis (PCA) and a Pearson class label correlation. We also analysed the UNSW-NB15 dataset on feature correlations and have identified several weaknesses. (C) 2019 Elsevier Ltd. All rights reserved.