Intrusion Detection Method Based On Feature Selection

Intrusion detection technology is a kind of information security technology, and is one of the core technologies in defense security threats. This technique can provide security strategy, and constantly update strategy attack against hackers. The diversification trend of network attack is more obvious, more and more hackers try to use large-scale distributed attacks to the network system. When the amount of data is large, the efficiency of intrusion detection and false negative rate will be significantly decreased, effectively enhance the effective detection rate and the false positive rate of intrusion detection system is an important research topic. More and more security researchers have tried to use machine learning and feature selection methods to analysis the intrusion detection system. The analysis model can well detect false alarms. To a certain extent, the detecting rate of the system is improved.This paper mainly focuses on several feature selection methods in machine learning. We apply it to intrusion detecting system, and try to analyze some data, so as to improve the efficiency of intrusion detection. This paper attempts to start from the perspective of intrusion detection, we try to use different clustering classification strategies to analysis the feature of the alarm and try to extract the features of the effective information gain. It reduces the amount of computation and improves the accuracy of the algorithm.Feature Selection is one of the important problems in machine learning. For the different data, feature selection strategy will directly affect the classification tasks and generalization ability of learning algorithm. Great feature selection algorithm can effectively eliminate redundant or noise data. The classic feature selection algorithm(MIFS) is proposed to calculate the redundancy and the correlation degree between the candidate feature a nd the selected feature. The relationship between redundancy and correlation is not considered in the proposed model. In this paper, we propose the greedy feature selection algorithm called redundancy mutual information-based feature selection algorithm(RMIFS). RMIFS can improve classification accuracy through compensating the redundancy between those features, and take feature reduction method to handle sparse data, and reduce the algorithm complexity. In addition, it has great generalization ability, and can apply several measures to MIFS and its variants. The experimental results show that RMIFS can achieve higher best-classification-accuracy than MIFS and its variants by using two classification learning algorithm. The feature dimension reduction method of RMIFS for sparse data can also improve classification accuracy. The data set used in this paper is mainly the KDDCUP99 dataset, which is used to classify the different attacks in the intrusion detection system.Finally, this paper try to use OSSEC and SNORT to build an intrusion detection system based on the mixed model. This method can detect the multi-step attack. The characteristics of different data are extracted from the multi-step attack. This paper extracts features from data packets using pattern matching. The method can select the better features from the multi-step attack and generate the dataset. We can select the better feature by the final classification results. Then we can train the dataset by the classifiers. By comparing the traditional intrusion detecting system, it can be found that this feature selection method can effectively improve the accuracy of feature selection.