Data preprocessing and feature selection for machine learning intrusion detection systems

Tohari Ahmad; Mohammad Nasrul Aziz

doi:10.24507/icicel.13.02.93

Data preprocessing and feature selection for machine learning intrusion detection systems

Tohari Ahmad
, Mohammad Nasrul Aziz

Institut Teknologi Sepuluh Nopember

Research output: Contribution to journal › Article › peer-review

90 Citations (Scopus)

Abstract

Flow-based anomaly detection is an issue that still grows in a computer network security environment. Many previous studies have applied data mining as a method for detecting anomaly in an intrusion detection system (IDS). In this paper, we further apply data mining to classifying those anomaly data. This is based on the facts that there are many data which are not ready for use by a classification algorithm. In addition, that algorithm may use all features which actually are not relevant to the classification target. According to these two problems, we define two steps: pre-processing and feature selection, whose results are classified by using k-NN, SVM, and Naive Bayes. The experimental results show that such pre-processing and combination of CFS and PSO are better to apply to SVM which is able to achieve about 99.9291% of accuracy on KDD Cup99 dataset.

Original language	English
Pages (from-to)	93-101
Number of pages	9
Journal	ICIC Express Letters
Volume	13
Issue number	2
DOIs	https://doi.org/10.24507/icicel.13.02.93
Publication status	Published - 2019

Keywords

Data mining
Feature selection
Intrusion detection system
Network security

Access to Document

10.24507/icicel.13.02.93

Cite this

@article{0789196aafca414a9417565cf03353f7,

title = "Data preprocessing and feature selection for machine learning intrusion detection systems",

abstract = "Flow-based anomaly detection is an issue that still grows in a computer network security environment. Many previous studies have applied data mining as a method for detecting anomaly in an intrusion detection system (IDS). In this paper, we further apply data mining to classifying those anomaly data. This is based on the facts that there are many data which are not ready for use by a classification algorithm. In addition, that algorithm may use all features which actually are not relevant to the classification target. According to these two problems, we define two steps: pre-processing and feature selection, whose results are classified by using k-NN, SVM, and Naive Bayes. The experimental results show that such pre-processing and combination of CFS and PSO are better to apply to SVM which is able to achieve about 99.9291\% of accuracy on KDD Cup99 dataset.",

keywords = "Data mining, Feature selection, Intrusion detection system, Network security",

author = "Tohari Ahmad and Aziz, \{Mohammad Nasrul\}",

year = "2019",

doi = "10.24507/icicel.13.02.93",

language = "English",

volume = "13",

pages = "93--101",

journal = "ICIC Express Letters",

issn = "1881-803X",

publisher = "ICIC International",

number = "2",

}

TY - JOUR

T1 - Data preprocessing and feature selection for machine learning intrusion detection systems

AU - Ahmad, Tohari

AU - Aziz, Mohammad Nasrul

PY - 2019

Y1 - 2019

N2 - Flow-based anomaly detection is an issue that still grows in a computer network security environment. Many previous studies have applied data mining as a method for detecting anomaly in an intrusion detection system (IDS). In this paper, we further apply data mining to classifying those anomaly data. This is based on the facts that there are many data which are not ready for use by a classification algorithm. In addition, that algorithm may use all features which actually are not relevant to the classification target. According to these two problems, we define two steps: pre-processing and feature selection, whose results are classified by using k-NN, SVM, and Naive Bayes. The experimental results show that such pre-processing and combination of CFS and PSO are better to apply to SVM which is able to achieve about 99.9291% of accuracy on KDD Cup99 dataset.

AB - Flow-based anomaly detection is an issue that still grows in a computer network security environment. Many previous studies have applied data mining as a method for detecting anomaly in an intrusion detection system (IDS). In this paper, we further apply data mining to classifying those anomaly data. This is based on the facts that there are many data which are not ready for use by a classification algorithm. In addition, that algorithm may use all features which actually are not relevant to the classification target. According to these two problems, we define two steps: pre-processing and feature selection, whose results are classified by using k-NN, SVM, and Naive Bayes. The experimental results show that such pre-processing and combination of CFS and PSO are better to apply to SVM which is able to achieve about 99.9291% of accuracy on KDD Cup99 dataset.

KW - Data mining

KW - Feature selection

KW - Intrusion detection system

KW - Network security

UR - https://www.scopus.com/pages/publications/85062353137

U2 - 10.24507/icicel.13.02.93

DO - 10.24507/icicel.13.02.93

M3 - Article

AN - SCOPUS:85062353137

SN - 1881-803X

VL - 13

SP - 93

EP - 101

JO - ICIC Express Letters

JF - ICIC Express Letters

IS - 2

ER -

Data preprocessing and feature selection for machine learning intrusion detection systems

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this