An efficient feature selection method for distributed cyber attack detection and classification

Cyber attack has become a critical issue over the last decade. A number of cyber attack detection methods have been introduced with different levels of success. In this paper, a new feature selection algorithm for distributed cyber attack detection and classification is proposed. Different types of attacks together with the normal condition of the network are modeled as different classes of the network data. Binary classifiers are used at local sensors to distinguish each class from the rest. The proposed algorithm outputs for each local binary classifier a set of pairwise feature subsets which are selected for discriminating that particular class from each of the rest classes. This is different from conventional feature selection algorithms, which select a unique feature subset for each local binary classifier. The new feature selection method is shown to be more capable of selecting all relevant features, thus to improve the detection and classification accuracy. Furthermore, each feature subset tends to have a more compact size, which faciliates computation. The proposed method is evaluated using both a synthetic dataset and the KDD1999 intrusion detection datasets.