Conversion methods for symbolic features: A comparison applied to an intrusion detection problem

The success of any Intrusion Detection System (IDS) lies in the selection of a set of significant features, that can be quantitative or qualitative, taken out from a network traffic data stream. The machine learning methods provide potential solutions for the IDS problem. However, most of these methods used for classification are not able to handle symbolic attributes directly. In this paper, three methods for symbolic features conversion - indicator variables, conditional probabilities and the Separability Split Value method - are contrasted with the arbitrary conversion method, all of them applied to an intrusion detection problem, the KDD Cup 99 data set. In particular, three classification methods were subsequently applied to the dataset: a one-layer feedforward neural network, a support vector machine and a multilayer feedforward neural network. The results obtained demonstrate that the three conversion methods improve the prediction ability of the classifiers utilized, with respect to the arbitrary and commonly used assignment of numerical values. (C) 2009 Elsevier Ltd. All rights reserved.