Security and Privacy in New Computing Environments. Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13–14, 2019, Proceedings

Research Article

Two-Level Feature Selection Method for Low Detection Rate Attacks in Intrusion Detection

Download
87 downloads
  • @INPROCEEDINGS{10.1007/978-3-030-21373-2_58,
        author={Chundong Wang and Xin Ye and Xiaonan He and Yunkun Tian and Liangyi Gong},
        title={Two-Level Feature Selection Method for Low Detection Rate Attacks in Intrusion Detection},
        proceedings={Security and Privacy in New Computing Environments. Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13--14, 2019, Proceedings},
        proceedings_a={SPNCE},
        year={2019},
        month={6},
        keywords={Feature selection Information gain mRMR Intrusion detection},
        doi={10.1007/978-3-030-21373-2_58}
    }
    
  • Chundong Wang
    Xin Ye
    Xiaonan He
    Yunkun Tian
    Liangyi Gong
    Year: 2019
    Two-Level Feature Selection Method for Low Detection Rate Attacks in Intrusion Detection
    SPNCE
    Springer
    DOI: 10.1007/978-3-030-21373-2_58
Chundong Wang, Xin Ye,*, Xiaonan He1, Yunkun Tian1, Liangyi Gong
  • 1: Tianjin E-Hualu Information Technology Co., Ltd.
*Contact email: 306187260@qq.com

Abstract

In view of the fact that some attacks have low detection rates in intrusion detection dataset, a two-level feature selection method based on minimal-redundancy-maximal-relevance (mRMR) and information gain (IG) was proposed. In this method, irrelevant and redundant features were filtered preliminarily to reduce data dimension by using mRMR algorithm, and highly correlated features to low detection rate attacks were obtained based on the calculation of information gain, and finally these features were integrated together to get final feature subset. The experimental results showed that the classification result of the feature subset filtered by this method had a better classification performance than the current filtering methods and improved the testing results of some attacks with low detection rates effectively.