Identifying important features for intrusion detection using support vector machines and neural networks

Author

Sung, Andrew H. ; Mukkamala, Srinivas

Author_Institution

Dept. of Comput. Sci., New Mexico Inst. of Min. & Technol., Socorro, NM, USA

fYear

2003

fDate

27-31 Jan. 2003

Firstpage

209

Lastpage

216

Abstract

Intrusion detection is a critical component of secure information systems. This paper addresses the issue of identifying important input features in building an intrusion detection system (IDS). Since elimination of the insignificant and/or useless inputs leads to a simplification of the problem, faster and more accurate detection may result. Feature ranking and selection, therefore, is an important issue in intrusion detection. We apply the technique of deleting one feature at a time to perform experiments on SVMs and neural networks to rank the importance of input features for the DARPA collected intrusion data. Important features for each of the 5 classes of intrusion patterns in the DARPA data are identified. It is shown that SVM-based and neural network based IDSs using a reduced number of features can deliver enhanced or comparable performance. An IDS for class-specific detection based on five SVMs is proposed.

Keywords

Internet; learning (artificial intelligence); learning automata; neural nets; security of data; telecommunication security; DARPA data; Internet security; experiments; feature ranking; feature selection; intrusion detection; neural networks; performance; secure information systems; support vector machines; Computer crime; Computer science; Computer vision; Information systems; Intrusion detection; Local area networks; Neural networks; Support vector machines; TCPIP; Telecommunication traffic;

fLanguage

English

Publisher

ieee

Conference_Titel

Applications and the Internet, 2003. Proceedings. 2003 Symposium on

Print_ISBN

0-7695-1872-9

Type

conf

DOI

10.1109/SAINT.2003.1183050

Filename

1183050