An improved feature selection algorithm based on MAHALANOBIS distance for Network Intrusion Detection

Network Intrusion Detection System (NIDS) plays an important role in providing network security. Efficient NIDS can be developed by defining a proper rule set for classifying network audit data into normal or attack patterns. Generally, each dataset is characterized by a large set of features, but not all features will be relevant or fully contribute identifying an attack. Since different attacks need different subsets to have better detection accuracy, this paper describes an improved feature selection algorithm to identify most appropriate subset of features for a certain attack. The proposed method is based on MAHALANOBIS Distance feature ranking and an improved exhaustive search to choose a better combination of features. We evaluate the approach on the KDD CUP 1999 datasets using SVM classifier and KNN classifier. The results show that classification is done with high classification rate and low misclassification rate with the reduced feature subsets.