Improving intrusion detection system detection accuracy and reducing learning time by combining selected features selection and parameters optimization

摘要

IDS capability in detecting an attacks is highly dependent on the accuracy of attack detection which usually is represented by the least number of false alarms. In this work we simplify the large network dataset by selecting only the most important and influential features in the dataset to increase the IDS performance and accuracy. The creation of smaller dataset is aimed to decrease time for training the SVM machine learning in detecting attacks. This work designed and built a prototype of IDS equipped with machine learning models to improve accuracy in detecting DoS and R2L attacks. Machine-learning algorithms is added to recognize specific characteristics of the attack at the national Internet network. New methods and techniques developed by combining feature selection and parameter optimization algorithm are then implemented in the Internet monitoring system. Through experiment and analysis, we find out that for DOS attacks the proposed approach improved accuracy for the detection and increased in speed on training and testing phase. Even though limited and appropriate selection of parameters slightly decrease the accuracy in the detection of R2L attacks but our approach significantly increases the speed of the training and testing process.