Multi-Measure Multi-Weight Ranking Approach for the Identification of the Network Features for the Detection of DoS and Probe Attacks

Efficient detection of network attacks necessitates the identification of important features, capable of characterizing the attacks. Most of the feature selection techniques are based either on a particular measure or on a particular learning algorithm. As the features selected by each such feature selection technique are different, use of a particular feature selection technique is not enough to assess the importance of a feature. This motivated us to propose a multi-measure multi-weight feature identification approach which combines the filter and wrapper feature selection methods and clustering methods to assign multiple weights to each feature. Two novel weight assignment algorithms for wrapper and clustering method have been proposed to assign weights to each feature. Experiments performed with top weighted features of 10% KDD Cup 99 intrusion detection dataset shows the identified features are indeed important in detecting DoS and probe attacks. Also, the comparison of the proposed approach with the existing algorithms shows that the features identified by the proposed approach detects the attacks with higher accuracy.