Feature selection for intrusion detection: an evolutionary wrapper approach

With the ongoing growth of the Internet, intrusion detection systems (IDS) play an increasing role in securing communication networks. Particularly, where sensitive and confidential information is stored or transmitted, there is a vital importance of security. In the past few years, soft-computing techniques (especially neural networks) found their way more and more into the research area of intrusion detection and are now an inherent part of it. Although, feature selection is an important task for almost all neural network applications, only very few investigations dealing with any type of automated feature selection are known in the area of intrusion detection. This article sets out an evolutionary algorithm (EA) that performs the tasks of feature selection and architecture optimization for radial basis function (RBF) networks automatically. With the feature selection process proposed, it is possible to reduce the number of input features significantly, which is very important due to the fact that the neural networks can effectively be prevented from overfitting. Furthermore, reducing the number of input features also reduces the time needed for feature extraction as well as the execution time for the trained RBF networks and allows the extraction of well interpretable rules. The results (depending on the attack type, about 2 up to 5 features are needed for attack detection on an average) are demonstrated for seven attack types using the DARPA 1998 intrusion detection evaluation data.