TY - JOUR
T1 - Data preprocessing and feature selection for machine learning intrusion detection systems
AU - Ahmad, Tohari
AU - Aziz, Mohammad Nasrul
N1 - Publisher Copyright: © 2019, ICIC International. All rights reserved.
PY - 2019
Y1 - 2019
AB - Flow-based anomaly detection is an issue that is still growing in the computer network security environment. Many previous studies have applied data mining as a method for detecting anomalies in an intrusion detection system (IDS). In this paper, we further apply data mining to classifying those anomaly data. This is based on the fact that much data is not ready for use by a classification algorithm. In addition, that algorithm may use all features, some of which are not actually relevant to the classification target. To address these two problems, we define two steps: pre-processing and feature selection, whose results are classified by using k-NN, SVM, and Naive Bayes. The experimental results show that such pre-processing and the combination of CFS and PSO are better applied to SVM, which is able to achieve an accuracy of about 99.9291% on the KDD Cup99 dataset.
KW - Data mining
KW - Feature selection
KW - Intrusion detection system
KW - Network security
UR - http://www.scopus.com/inward/record.url?scp=85062353137&partnerID=8YFLogxK
U2 - 10.24507/icicel.13.02.93
DO - 10.24507/icicel.13.02.93
M3 - Article
AN - SCOPUS:85062353137
SN - 1881-803X
VL - 13
SP - 93
EP - 101
JO - ICIC Express Letters
JF - ICIC Express Letters
IS - 2
ER -