Mutual information-based feature selection for intrusion detection systems

As the network-based technologies become omnipresent, threat detection and prevention for these systems become increasingly important. One of the effective ways to achieve higher security is to use intrusion detection systems, which are software tools used to detect abnormal activities in the computer or network. One technical challenge in intrusion detection systems is the curse of high dimensionality. To overcome this problem, we propose a feature selection phase, which can be generally implemented in any intrusion detection system. In this work, we propose two feature selection algorithms and study the performance of using these algorithms compared to a mutual information-based feature selection method. These feature selection algorithms require the use of a feature goodness measure. We investigate using both a linear and a non-linear measure—linear correlation coefficient and mutual information, for the feature selection. Further, we introduce an intrusion detection system that uses an improved machine learning based method, Least Squares Support Vector Machine. Experiments on KDD Cup 99 data set address that our proposed mutual information-based feature selection method results in detecting intrusions with higher accuracy, especially for remote to login (R2L) and user to remote (U2R) attacks.