HFO-ANID: Hierarchical feature optimization for Anomaly Based Network Intrusion Detection

In the area of feature reduction for anomaly based Intrusion Detection Systems, Computational Intelligence (CI) methods are increasingly being used for problem solving. This paper concerns using Computational intelligence based learning machines for intrusion detection in hierarchical order of attacking scenarios, which is a problem of general interest to transportation infrastructure protection since a necessary task thereof is to protect the computers responsible for the infrastructure´s operational control, and an effective Intrusion Detection System (IDS) is essential for ensuring network security. We argue that the features opted to detect an attack scenario is not same for all kinds of attacks. Hence here in this paper a hierarchical feature optimization for Anomaly based Intrusion Detection System (HAB-IDS) is proposed. Two classes of learning machines for IDSs are Artificial Neural Networks (ANNs) and Support Vector Machines (SVMs). We consider the SVM in three critical respects of IDSs: SVMs train and run an order of magnitude faster; SVMs scale much better; and SVMs give higher classification accuracy. Hence we use SVM for our proposed Hierarchical Feature reduction for intrusion detection.