Multi-Agent Intrusion Detection System Using Feature Selection Approach

Due to the increased connectivity to Internet and corporate network, industrial control system (ICS) is no longer immune to network attacks. Most of these ICSs are not designed with security protection nowadays, so there is an increasing demand of designing protection mechanism in infrastructure of industrial plants. In this paper, we propose multi-agent intrusion detection architecture and a feature selection approach to protect ICS. Multi-agent intrusion detection system (MIDS) architecture is designed for decentralized intrusion detection and prevention control in large switched networks, so it can make intrusion detection system (IDS) efficient and scalable, while the feature detection approach is proposed to improve detection reliability. We chose NSL-KDD as experimental data and had a test on four kinds of attacks (Probe, Dos, U2R and R2L) to evaluate the performance of IDS. Compared with four other common feature selection algorithms (IG, GR, ReliefF and ChiSquare), the experimental results show that our method can effectively improve True Positive Rate and reduce False Positive Rate of IDS.