Identifying and Benchmarking Key Features for Cyber Intrusion Detection: An Ensemble Approach

Cited by: 71
Authors
Binbusayyis, Adel [1]
Vaiyapuri, Thavavel [1]
Affiliation
[1] Prince Sattam Bin Abdulaziz Univ, Coll Comp Sci & Engn, Al Kharj 11942, Saudi Arabia
Keywords
Anomaly intrusion detection; correlation; consistency; data analytic lifecycle; diversity measure; ensemble learning; feature selection; information gain; ReliefF; stability measure; FEATURE-SELECTION; DETECTION SYSTEM; ALGORITHM;
DOI
10.1109/ACCESS.2019.2929487
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
In today's interconnected era, an intrusion detection system (IDS) has the potential to be the frontier of defense against cyberattacks and plays an essential role in achieving security of networking resources and infrastructures. The performance of an IDS depends highly on data features. Selecting the most informative features while eliminating the redundant and irrelevant features from network traffic data for IDS is still an open research issue. The key impetus of this paper is to identify and benchmark the potential set of features that can characterize network traffic for intrusion detection. In this correspondence, an ensemble approach is proposed. As a first step, the approach applies four different feature evaluation measures, such as correlation, consistency, information, and distance, to select the more crucial features for intrusion detection. Second, it applies the subset combination strategy to merge the output of the four measures and achieve the potential feature set. Along with this, a new framework that adopts the data analytic lifecycle practices is explored to employ the proposed ensemble for building an effective IDS. The effectiveness of the proposed approach is demonstrated by conducting several experiments on four intrusion detection evaluation datasets, namely KDDCup'99, NSL-KDD, UNSW-NB15, and CICIDS2017. The obtained results prove that the proposed approach contributes more potential features compared to the state-of-the-art approaches, leading to a promising performance gain in the detection rate of 3.2%, the false alarm rate of 38%, and the detection time of 12%. Furthermore, ROC and statistical significance are analyzed for the identified feature subset to strongly confirm its acceptability as a future benchmark for building an effective IDS.
Pages: 106495-106513
Number of pages: 19