Survey and Taxonomy of Feature Selection Algorithms in Intrusion Detection System

  • You Chen
  • Yang Li
  • Xue-Qi Cheng
  • Li Guo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4318)


The Intrusion detection system deals with huge amount of data which contains irrelevant and redundant features causing slow training and testing process, higher resource consumption as well as poor detection rate. Feature selection, therefore, is an important issue in intrusion detection. In this paper we introduce concepts and algorithms of feature selection, survey existing feature selection algorithms in intrusion detection systems, group and compare different algorithms in three broad categories: filter, wrapper, and hybrid. We conclude the survey by identifying trends and challenges of feature selection research and development in intrusion detection system.


intrusion detection feature selection filter wrapper hybrid 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Kruegel, C., Valeur, F.: Stateful Intrusion Detection for High-Speed Networks. In: Proc. of the IEEE Symposium on Research on Security and Privacy, pp. 285–293 (2002)Google Scholar
  2. 2.
    Blum, A.L., Langley, P.: Selection of Relevant Features and Examples in Machine Learning. Artificial Intelligence 97, 245–271 (1997)CrossRefMathSciNetzbMATHGoogle Scholar
  3. 3.
    Liu, H., Motoda, H. (eds.): Feature Extraction, Construction and Selection: A Data Mining Perspective. Kluwer Academic, Boston (1998) (second printing, 2001)Google Scholar
  4. 4.
    Dash, M., Liu, H., Motoda, H.: Consistency based feature selection. In: Terano, T., Chen, A.L.P. (eds.) PAKDD 2000. LNCS, vol. 1805, pp. 98–109. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  5. 5.
    Almuallim, H., Dietterich, T.G.: Learning Boolean Concepts in the Presence of Many Irrelevant Features. Artificial Intelligence 69(1-2), 279–305 (1994)CrossRefMathSciNetzbMATHGoogle Scholar
  6. 6.
    Doak, J.: An Evaluation of Feature Selection Methods and Their Application to Computer Security. Technical report, Univ. of California at Davis, Dept. Computer Science (1992)Google Scholar
  7. 7.
    Narendra, P.M., Fukunaga, K.: A Branch and Bound Algorithm for Feature Subset Selection. IEEE Trans. Computer 26(9), 917–922 (1977)CrossRefzbMATHGoogle Scholar
  8. 8.
    Liu, H., Motoda, H.: Feature Selection for Knowledge Discovery and Data Mining. Kluwer Academic, Boston (1998)zbMATHGoogle Scholar
  9. 9.
    Almuallim, H., Dietterich, T.G.: Learning Boolean Concepts in the Presence of Many Irrelevant Features. Artificial Intelligence 69(1-2), 279–305 (1994)CrossRefMathSciNetzbMATHGoogle Scholar
  10. 10.
    Ben-Bassat, M.: Pattern Recognition and Reduction of Dimensionality. In: Krishnaiah, P.R., Kanal, L.N. (eds.) Handbook of Statistics-II, pp. 773–791. North Holland, Amsterdam (1982)Google Scholar
  11. 11.
    Hall, M.A.: Correlation-Based Feature Selection for Discrete and Numeric Class Machine Learning. In: Proc. 17th Int’l. Conf. Machine Learning, pp. 359–366 (2000)Google Scholar
  12. 12.
    Witten, I.H., Frank, E.: Data Mining-Pracitcal Machine Learning Tools and Techniques with JAVA Implementations. Morgan Kaufmann, San Francisco (2000)Google Scholar
  13. 13.
    Hall, M.A.: Correlation-based Feature Selection for Discrete and Numeric Class Machine Learning. In: Proc. of the 17th Int. Conf. on Machine Learning, pp. 359–366. Morgan Kaufmann Publishers Inc., San Francisco (2000)Google Scholar
  14. 14.
    Fayyad, U., Irani, K.: Multi-interval discretization of continuos attributes as preprocessing for classification learning. In: Proc. of the 13th Int. Join Conf. on Artificial Intelligence, pp. 1022–1027. Morgan Kaufmann Publishers, San Francisco (1993)Google Scholar
  15. 15.
    Press, W.H., Flannery, B.P., Teukolsky, S.A., Vetterling, W.T.: Numerical recipes in C. Cambridge University Press, Cambridge (1988)zbMATHGoogle Scholar
  16. 16.
  17. 17.
    Holland, J.H.: Adaptation in natural and artificial systems. University of Michigan Press (1975) (reprinted by MIT Press, Cambridge (1992))Google Scholar
  18. 18.
    Holland, J.H.: Adaptation in Natural and Artificial Systems. University of Michigan Press, Ann Arbor (1975)Google Scholar
  19. 19.
    Johnson, R.A., Wichern, D.W.: Applied Multivariate Statistical Analysis, pp. 356–395. Prentice-Hall, Englewood Cliffs (2002)Google Scholar
  20. 20.
    Hotelling, H.: Analysis of a complex statistical variables into principal components. Journal of Educational Psychology 24, 417–441 (1933)CrossRefGoogle Scholar
  21. 21.
    Quinlan, J.R.: C4.5: Programs for machine learning. Morgan Kaufmann Publishers, San Francisco (1993)Google Scholar
  22. 22.
    Mukkamala, S., Sung, A.H.: Comparison of Neural Networks and Support Vector Machines. In: Intrusion Detection Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection, June 11-13 (2002) Google Scholar
  23. 23.
    Sung, A.H.: Ranking Importance of Input Parameters Of Neural Networks. Expert Systems with Applications, pp. 405–411 (1998)Google Scholar
  24. 24.
  25. 25.
    Fugate, M., Gattiker, J.R.: Anomaly Detection Enhanced Classification in Computer Intrusion Detection. In: Lee, S.-W., Verri, A. (eds.) SVM 2002. LNCS, vol. 2388, p. 186. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  26. 26.
    Nguyen, B.V.: An Application of Support Vector Machines to Anomaly Detection (2002), Available at:
  27. 27.
    Kim, D.S., Park, J.S.: Network-based Intrusion Detection with Support Vector Machines. In: Kahng, H.-K. (ed.) ICOIN 2003. LNCS, vol. 2662, pp. 747–756. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  28. 28.
    Sung, A.H., Mukkamala, S.: Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks. In: Proc. of the 2003 Int. Sym. On Applications and the Internet Technology, pp. 209–216. IEEE Computer Society Press, Los Alamitos (2003)CrossRefGoogle Scholar
  29. 29.
    Kim, D.S., Lee, S.M., Park, J.S.: Building Lightweight Intrusion Detection System Based on Random Forest. In: Wang, J., Yi, Z., Żurada, J.M., Lu, B.-L., Yin, H. (eds.) ISNN 2006. LNCS, vol. 3973, pp. 224–230. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  30. 30.
    Breiman, L.: Random forest. Machine Learning 45(1), 5–32 (2001)CrossRefzbMATHGoogle Scholar
  31. 31.
    Duda, R.O., Hart, P.E., Stork, D.G.: Pattern Classification, 2nd edn. John Wiley & Sons, Chichester (2001)zbMATHGoogle Scholar
  32. 32.
    Kim, D., Nguyen, H.-N., Ohn, S.-Y., Park, J.: Fusions of GA and SVM for Anomaly Detection in Intrusion Detection System. In: Wang, J., Liao, X.-F., Yi, Z. (eds.) ISNN 2005. LNCS, vol. 3498, pp. 415–420. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  33. 33.
    Hastie, T., Tibshirani, R., Friedman, J.: The Elements of Statistical Learning. In: Yu, L., Liu, H. (eds.) Feature Selection for High-Dimensional Data. Springer, Heidelberg (2001)Google Scholar
  34. 34.
    A Fast Correlation-Based Filter Solution. In: Proc. 20th Int’l. Conf. Machine Learning, pp. 856–863 (2003)Google Scholar
  35. 35.
    Liu, H., Yu, L.: Towards integrating feature selection algorithms for classification and clustering. IEEE Transactions on Knowledge and Data Engineering 17(3), 1–12 (2005)CrossRefzbMATHGoogle Scholar
  36. 36.
    Park, J.S., Shazzad, K.M., Kim, D.S.: Toward Modeling Lightweight Intrusion Detection System Through Correlation-Based Hybrid Feature Selection. In: Feng, D., Lin, D., Yung, M. (eds.) CISC 2005. LNCS, vol. 3822, pp. 279–289. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • You Chen
    • 1
    • 2
  • Yang Li
    • 1
    • 2
  • Xue-Qi Cheng
    • 1
  • Li Guo
    • 1
  1. 1.Institute of Computing TechnologyChinese Academy of SciencesBeijing
  2. 2.Graduate School of the Chinese Academy of SciencesBeijing

Personalised recommendations