Clustering-based Feature Selection for Internet Attack Defense

Feature selection is as important for intrusion detection as it is for many other problems. A feature selection algorithm can help system administrators to identify and detect new network attacks efficiently since appropriately chosen features can improve accuracy of intrusion detection significantly as well as can decrease computational overheads of intrusion detection systems. This paper describes a new proposed feature selection algorithms in detecting intrusions using network audit trails. The proposed method is based on our definition of cluster distance to select good features, and advantages of the proposed feature selection method include independence of data formats (e.g., continuous data or discrete data), suitability for binary classification, and improved intrusion detection accuracy. Experimental results using KDDCup99 datasets show that the proposed model can improve intrusion detection accuracy, compared to other algorithms.