Optimal evaluation of feature selection in intrusion detection modeling

As a kind of data pre-process method, feature selection is an essential step in intrusion detection modeling. The method can improve the efficiency and accuracy of intrusion detection engine. Additionally, good features can provide excellent class separability. However, in the past researches on feature selection, the criteria and way about how to select the features in the raw data are seldom referred to. This paper shows us which type of features can aid us to achieve a better experimental results. In comparison to various type of intrusion attacks, the classical clustering algorithm, K-Means is proposed to evaluate the features selected and prove the viewpoint based on KDD Cup 1999 DataSet. The knowledge of feature selection can be achieved by this means. With the usage of the statistics of network traffic, the better evaluation index e.g. detection rate and false positive rate, are achieved than any other type of features. Finally, the paper provides the evaluation results of feature selection and we can regard them as knowledge for our future implementation.