DocumentCode
2059944
Title
Improving signature detection classification model using features selection based on customized features
Author
Othman, Zulaiha Ali ; Bakar, Azuraliza Abu ; Etubal, Intesar
Author_Institution
Fac. of Inf. Sci. & Technol., Univ. Kebangsaan Malaysia (UKM), Bangi, Malaysia
fYear
2010
fDate
Nov. 29 2010-Dec. 1 2010
Firstpage
1026
Lastpage
1031
Abstract
An accurate Signature Detection Classification (SDC) model has become highly demanded for Intrusion Detection Systems (IDS) to secure networks, especially when dealing with large and complex security audit data sets. Selecting appropriate network features is one of the factors that influence the accuracy of an SDC model. Past research has shown that the Hidden Markov Chain, Genetic Algorithm, and two-second time windows are among the best feature selection methods for SDC models. However, this paper aims to improve model accuracy by applying feature extraction based on customized features. The customized features are the network data set after it has been preprocessed through the following steps: removing biased attributes, discretizing using chi-merge, and removing the attributes with string values. Previous research applied feature extraction based on all features. The best model is measured based on the detection rate, false alarm rate and number of rules using four data mining techniques: Ripper (JRip), Ridor, PART and decision tree. The experiment is conducted using three random KDD-cup99 data sets. The results show that feature extraction based on customized features increased detection rates by between 0.4% and 9% and reduced false alarm rates by between 0.17% and 0.5%. The results show the importance of data preprocessing in producing a high-quality SDC model.
Keywords
data mining; decision trees; digital signatures; feature extraction; pattern classification; security of data; KDD-cup99 data sets; PART; Ridor; Ripper(Jrip); biased attribute removal; customized features; data mining; data preprocessing; decision tree; detection rate; false alarm rate; features extraction; features selection; intrusion detection system; network security; security audit data set; signature detection classification model; Data Mining; Features Selection; Genetic algorithm feature selection; JRip algorithm; Signature Detection;
fLanguage
English
Publisher
ieee
Conference_Titel
Intelligent Systems Design and Applications (ISDA), 2010 10th International Conference on
Conference_Location
Cairo
Print_ISBN
978-1-4244-8134-7
Type
conf
DOI
10.1109/ISDA.2010.5687051
Filename
5687051