Intrusion Detection Systems: Feature selection for IDS | Saylor Academy

Introduction

Feature selection for IDS

Feature selection is helpful to decrease the computational difficulty, eliminate data redundancy, enhance the detection rate of the machine learning techniques, simplify data and reduce false alarms. In this line of research, some methods have been applied to develop a lightweight IDSs.

Feature selection techniques can be categorized into wrapper and filter methods. Wrapper methods estimate subgroups of variables to identify the feasible interactions between variables. There are two main drawbacks of these techniques: accumulative overfitting when the amount of data is insufficient and the important calculation time when the amount of variables is big.

Filter methods are normally applied as a pre-processing stage. The selection of features is separate of any machine learning techniques. As an alternative, features are nominated on the basis of their scores in several statistical tests for their correlation with the consequence variable.

As an example of the impact of feature selection on the performance of an IDS, consider the results in Table 14 which show the detection accuracy and time to build the IDS mode of the C4.5 classifier using the full dataset with 41 features of NSl-KDD dataset and with different features.

Table 14 Detailed accuracy for C4.5 Decision tree classifier with different feature sets

Filter techniques	# of features	Accuracy	Time
Full set	41	99.55	2.76 Sec
Info Gain	13	99.64	0.84 Sec
Gain ratio	13	99.64	1.31 Sec
Chi-squared	13	99.65	0.92 Sec
Relief	13	99	0.93 Sec

General

Course Syllabus

Unit 1: Introduction to Information Security

1.1: The History and Evolution of Information Security

Information Security History

Timeline of the History of Information Security

1.2: Confidentiality, Integrity, and Availability – The CIA Triad

The CIA Triad

1.3: Threats, Vulnerabilities, and Risks

Threats and Vulnerabilities

The Elements of Security: Vulnerability, Threat, Risk

1.4: The Risk Management Process

NIST SP 800-39

Risk Management

More on Risk Management

1.5: The Incident Response Process

NIST SP 800-61

Incident Response

1.6: Security Control

Security Control

Security Control Types

Security Control Functions

1.7: Defense-in-Depth

Introduction to Defense-in-Depth

Defense-in-Depth Example

Defense-in-Depth

1.8: Human Behavioral Risks

The Human Factor

Humans are the Weakest Link

Security Awareness, Training, and Education

Security Threats and the Human Factor

1.9: Security Frameworks

Security Frameworks

Center for Internet Security (CIS) Controls

Payment Card Industry Data Security Standard (PCI DSS)

Unit 1 Assessment

Unit 1 Assessment

Unit 2: Threats and Attack Modes

2.1: Threat Terminology

Threat Terminology

An Overview of Threats

Privacy Threats

2.2: Types of Attacks

Types of Attacks

Classifying Threats

Birthday Attacks

What is a Botnet?

More on Botnets

Man-in-the-Middle Attacks

Teardrop Attacks

What is War Dialing?

More on War Dialing

Zero-Day Exploits

2.3: Spoofing Attacks

Spoofing Attacks

A Comprehensive Analysis of Spoofing

Email Spoofing

Caller ID Spoofing

IP Address Spoofing

2.4: Social Engineering

An Overview of Social Engineering

Dumpster Diving

One Man's Trash is Another Man's Treasure

Shoulder Surfing

Tailgating

How to Protect Against Tailgating

Phishing, Spear-phishing, and Whaling

Pretexting

2.5: Application Attacks

Application Attacks

Types of Application Attacks

The Basics of Buffer Overflows

More on Buffer Overflows

Time of Check to Time of Use

Application and Escalation of Privilege

Escalation of Privilege

2.6: Web Application Attacks

Types of Application Attacks

Cross-Site Scripting

Examples of Cross-Site Scripting