Abstract: Intrusion Detection Systems (IDSs) play an important part in securing computer networks against malicious threats and attacks. Modern IDSs leverage machine learning algorithms for effective intrusion detection. However, network traffic flows contain a large number of redundant features in a high-dimensional feature space, which drastically decreases the performance of such data-driven approaches. Existing feature reduction methods fail both to remove redundant features effectively and to retain features that carry additional information (if there is any). In this paper, we propose a Redundancy based Hierarchical Clustering (RHC) method that groups redundant features in the same cluster based on mutual information. We use both feature selection and feature extraction to find the final feature set. We conduct rigorous experiments on three benchmark security datasets, and our results demonstrate that the proposed methods outperform the state-of-the-art methods in terms of accuracy, F-score and false positive rate. We show the superiority of our proposed methods in both binary-class (normal vs. attack) and multi-class classification.