A hybrid feature selection for network intrusion detection systems: Central points
Nour Moustafa, Jill Slay

TL;DR
This paper introduces a hybrid feature selection method using central points and association rule mining to improve accuracy and reduce false alarms in network intrusion detection systems, with fast processing times.
Contribution
It presents a novel hybrid feature selection approach based on central points and association rule mining, optimized for quick implementation and improved detection performance.
Findings
Improved accuracy in intrusion detection.
Reduced false alarm rate (FAR).
Extremely short processing time.
Abstract
Network intrusion detection systems are an active area of research to identify threats that face computer networks. Network packets comprise high dimensions, which require huge effort to be examined effectively. As these dimensions contain some irrelevant features, they cause a high False Alarm Rate (FAR). In this paper, we propose a hybrid method for feature selection, based on the central points of attribute values and an Association Rule Mining algorithm, to decrease the FAR. This algorithm is designed to be implemented in a short processing time, due to its dependency on the central points of feature values with partitioning data records into equal parts. This algorithm is applied on the UNSW-NB15 and the NSLKDD data sets to adopt the highest ranked features. Some existing techniques are used to measure the accuracy and FAR. The experimental results show the proposed model is able…
