Supervised Feature Selection Techniques in Network Intrusion Detection:
a Critical Review
- URL: http://arxiv.org/abs/2104.04958v1
- Date: Sun, 11 Apr 2021 08:42:01 GMT
- Authors: Mario Di Mauro, Giovanni Galatro, Giancarlo Fortino, Antonio Liotta
- Abstract summary: Machine Learning techniques are becoming an invaluable support for network intrusion detection.
Dealing with the vast diversity and number of features that typically characterize data traffic is a hard problem.
By reducing the feature space and retaining only the most significant features, Feature Selection (FS) becomes a crucial pre-processing step in network management.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Machine Learning (ML) techniques are becoming an invaluable support for
network intrusion detection, especially in revealing anomalous flows, which
often hide cyber-threats. Typically, ML algorithms are exploited to
classify/recognize data traffic on the basis of statistical features such as
inter-arrival times, packets length distribution, mean number of flows, etc.
Dealing with the vast diversity and number of features that typically
characterize data traffic is a hard problem. This results in the following
issues: i) the presence of so many features leads to lengthy training processes
(particularly when features are highly correlated), while prediction accuracy
does not proportionally improve; ii) some of the features may introduce bias
during the classification process, particularly those that have scarce relation
with the data traffic to be classified. To this end, by reducing the feature
space and retaining only the most significant features, Feature Selection (FS)
becomes a crucial pre-processing step in network management and, specifically,
for the purposes of network intrusion detection. In this review paper, we
complement other surveys in multiple ways: i) evaluating more recent datasets
(updated w.r.t. obsolete KDD 99) by means of a designed-from-scratch
Python-based procedure; ii) providing a synopsis of most credited FS approaches
in the field of intrusion detection, including Multi-Objective Evolutionary
techniques; iii) assessing various experimental analyses such as feature
correlation, time complexity, and performance. Our comparisons offer useful
guidelines to network/security managers who are considering the incorporation
of ML concepts into network intrusion detection, where trade-offs between
performance and resource consumption are crucial.
Related papers
- Exploring Feature Importance and Explainability Towards Enhanced ML-Based DoS Detection in AI Systems [3.3150909292716477]
Denial of Service (DoS) attacks pose a significant threat in the realm of AI systems security.
Statistical and machine learning (ML)-based DoS classification and detection approaches utilize a broad range of feature selection mechanisms to select a feature subset from networking traffic datasets.
In this paper, we investigate the importance of feature selection in improving ML-based detection of DoS attacks.
arXiv Detail & Related papers (2024-11-04T19:51:08Z)
- Detection-Rate-Emphasized Multi-objective Evolutionary Feature Selection for Network Intrusion Detection [21.104686670216445]
We propose DR-MOFS to model the feature selection problem in network intrusion detection as a three-objective optimization problem.
In most cases, the proposed method can outperform previous methods, i.e., lead to fewer features, higher accuracy and detection rate.
arXiv Detail & Related papers (2024-06-13T14:42:17Z)
- Uncertainty Estimation by Fisher Information-based Evidential Deep Learning [61.94125052118442]
Uncertainty estimation is a key factor that makes deep learning reliable in practical applications.
We propose a novel method, Fisher Information-based Evidential Deep Learning ($\mathcal{I}$-EDL).
In particular, we introduce Fisher Information Matrix (FIM) to measure the informativeness of evidence carried by each sample, according to which we can dynamically reweight the objective loss terms to make the network more focused on the representation learning of uncertain classes.
arXiv Detail & Related papers (2023-03-03T16:12:59Z)
- Deep networks for system identification: a Survey [56.34005280792013]
System identification learns mathematical descriptions of dynamic systems from input-output data.
Main aim of the identified model is to predict new data from previous observations.
We discuss architectures commonly adopted in the literature, like feedforward, convolutional, and recurrent networks.
arXiv Detail & Related papers (2023-01-30T12:38:31Z)
- Modeling Uncertain Feature Representation for Domain Generalization [49.129544670700525]
We show that our method consistently improves the network generalization ability on multiple vision tasks.
Our methods are simple yet effective and can be readily integrated into networks without additional trainable parameters or loss constraints.
arXiv Detail & Related papers (2023-01-16T14:25:02Z)
- Uncertainty Modeling for Out-of-Distribution Generalization [56.957731893992495]
We argue that the feature statistics can be properly manipulated to improve the generalization ability of deep learning models.
Common methods often consider the feature statistics as deterministic values measured from the learned features.
We improve the network generalization ability by modeling the uncertainty of domain shifts with synthesized feature statistics during training.
arXiv Detail & Related papers (2022-02-08T16:09:12Z)
- An Explainable Machine Learning-based Network Intrusion Detection System for Enabling Generalisability in Securing IoT Networks [0.0]
Machine Learning (ML)-based network intrusion detection systems bring many benefits for enhancing the security posture of an organisation.
Many systems have been designed and developed in the research community, often achieving a perfect detection rate when evaluated using certain datasets.
This paper tightens the gap by evaluating the generalisability of a common feature set to different network environments and attack types.
arXiv Detail & Related papers (2021-04-15T00:44:45Z)
- Experimental Review of Neural-based approaches for Network Intrusion Management [8.727349339883094]
We provide an experimental-based review of neural-based methods applied to intrusion detection issues.
We offer a complete view of the most prominent neural-based techniques relevant to intrusion detection, including deep-based approaches or weightless neural networks.
Our evaluation quantifies the value of neural networks, particularly when state-of-the-art datasets are used to train the models.
arXiv Detail & Related papers (2020-09-18T18:32:24Z)
- On Robustness and Transferability of Convolutional Neural Networks [147.71743081671508]
Modern deep convolutional networks (CNNs) are often criticized for not generalizing under distributional shifts.
We study the interplay between out-of-distribution and transfer performance of modern image classification CNNs for the first time.
We find that increasing both the training set and model sizes significantly improve the distributional shift robustness.
arXiv Detail & Related papers (2020-07-16T18:39:04Z)
- Survey of Network Intrusion Detection Methods from the Perspective of the Knowledge Discovery in Databases Process [63.75363908696257]
We review the methods that have been applied to network data with the purpose of developing an intrusion detector.
We discuss the techniques used for the capture, preparation and transformation of the data, as well as, the data mining and evaluation methods.
As a result of this literature review, we investigate some open issues which will need to be considered for further research in the area of network security.
arXiv Detail & Related papers (2020-01-27T11:21:05Z)
- An Intelligent and Time-Efficient DDoS Identification Framework for Real-Time Enterprise Networks SAD-F: Spark Based Anomaly Detection Framework [0.5811502603310248]
We will be exploring security analytic techniques for DDoS anomaly detection using different machine learning techniques.
In this paper, we are proposing a novel approach which deals with real traffic as input to the system.
We study and compare the performance factor of our proposed framework on three different testbeds.
arXiv Detail & Related papers (2020-01-21T06:05:48Z)