Features selection for intrusion detection system based on DNA encoding

Research output: Chapter in Book/Report/Conference proceedingChapter

Abstract

Intrusion detection systems detect attacks inside computers and networks, where the detection of the attacks must be in fast time and high rate. Various methods proposed achieved high detection rate, this was done either by improving the algorithm or hybridizing with another algorithm. However, they are suffering from the time, especially after the improvement of the algorithm and dealing with large traffic data. On the other hand, past researches have been successfully applied to the DNA sequences detection approaches for intrusion detection system; the achieved detection rate results were very low, on other hand, the processing time was fast. Also, feature selection used to reduce the computation and complexity lead to speed up the system. A new features selection method is proposed based on DNA encoding and on DNA keys positions. The current system has three phases, the first phase, is called pre-processing phase, which is used to extract the keys and their positions, the second phase is training phase; the main goal of this phase is to select features based on the key positions that gained from pre-processing phase, and the third phase is the testing phase, which classified the network traffic records as either normal or attack by using specific features. The performance is calculated based on the detection rate, false alarm rate, accuracy, and also on the time that include both encoding time and matching time. All these results are based on using two or three keys, and it is evaluated by using two datasets, namely, KDD Cup 99, and NSL-KDD. The achieved detection rate, false alarm rate, accuracy, encoding time, and matching time for all corrected KDD Cup records (311,029 records) by using two and three keys are equal to 96.97, 33.67, 91%, 325, 13 s, and 92.74, 7.41, 92.71%, 325 and 20 s, respectively. The results for detection rate, false alarm rate, accuracy, encoding time, and matching time for all NSL-KDD records (22,544 records) by using two and three keys are equal to 89.34, 28.94, 81.46%, 20, 1 s and 82.93, 11.40, 85.37%, 20 and 1 s, respectively. The proposed system is evaluated and compared with previous systems and these comparisons are done based on encoding time and matching time. The outcomes showed that the detection results of the present system are faster than the previous ones.

Original languageEnglish
Title of host publicationLecture Notes in Networks and Systems
PublisherSpringer
Pages323-335
Number of pages13
DOIs
Publication statusPublished - 1 Jan 2019

Publication series

NameLecture Notes in Networks and Systems
Volume67
ISSN (Print)2367-3370
ISSN (Electronic)2367-3389

Fingerprint

Intrusion detection
Feature extraction
DNA
Processing
DNA sequences
Testing

Keywords

  • DNA encoding
  • Feature selection
  • Intrusion detection system
  • KDD Cup 99 dataset
  • NSL-KDD dataset

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Signal Processing
  • Computer Networks and Communications

Cite this

Rashid, O. F., Ali Othman, Z., & Zainudin, S. (2019). Features selection for intrusion detection system based on DNA encoding. In Lecture Notes in Networks and Systems (pp. 323-335). (Lecture Notes in Networks and Systems; Vol. 67). Springer. https://doi.org/10.1007/978-981-13-6031-2_23

Features selection for intrusion detection system based on DNA encoding. / Rashid, Omar Fitian; Ali Othman, Zulaiha; Zainudin, Suhaila.

Lecture Notes in Networks and Systems. Springer, 2019. p. 323-335 (Lecture Notes in Networks and Systems; Vol. 67).

Research output: Chapter in Book/Report/Conference proceedingChapter

Rashid, OF, Ali Othman, Z & Zainudin, S 2019, Features selection for intrusion detection system based on DNA encoding. in Lecture Notes in Networks and Systems. Lecture Notes in Networks and Systems, vol. 67, Springer, pp. 323-335. https://doi.org/10.1007/978-981-13-6031-2_23
Rashid OF, Ali Othman Z, Zainudin S. Features selection for intrusion detection system based on DNA encoding. In Lecture Notes in Networks and Systems. Springer. 2019. p. 323-335. (Lecture Notes in Networks and Systems). https://doi.org/10.1007/978-981-13-6031-2_23
Rashid, Omar Fitian ; Ali Othman, Zulaiha ; Zainudin, Suhaila. / Features selection for intrusion detection system based on DNA encoding. Lecture Notes in Networks and Systems. Springer, 2019. pp. 323-335 (Lecture Notes in Networks and Systems).
@inbook{b806d3d6f2db4a50974a021df4c406ef,
title = "Features selection for intrusion detection system based on DNA encoding",
abstract = "Intrusion detection systems detect attacks inside computers and networks, where the detection of the attacks must be in fast time and high rate. Various methods proposed achieved high detection rate, this was done either by improving the algorithm or hybridizing with another algorithm. However, they are suffering from the time, especially after the improvement of the algorithm and dealing with large traffic data. On the other hand, past researches have been successfully applied to the DNA sequences detection approaches for intrusion detection system; the achieved detection rate results were very low, on other hand, the processing time was fast. Also, feature selection used to reduce the computation and complexity lead to speed up the system. A new features selection method is proposed based on DNA encoding and on DNA keys positions. The current system has three phases, the first phase, is called pre-processing phase, which is used to extract the keys and their positions, the second phase is training phase; the main goal of this phase is to select features based on the key positions that gained from pre-processing phase, and the third phase is the testing phase, which classified the network traffic records as either normal or attack by using specific features. The performance is calculated based on the detection rate, false alarm rate, accuracy, and also on the time that include both encoding time and matching time. All these results are based on using two or three keys, and it is evaluated by using two datasets, namely, KDD Cup 99, and NSL-KDD. The achieved detection rate, false alarm rate, accuracy, encoding time, and matching time for all corrected KDD Cup records (311,029 records) by using two and three keys are equal to 96.97, 33.67, 91{\%}, 325, 13 s, and 92.74, 7.41, 92.71{\%}, 325 and 20 s, respectively. The results for detection rate, false alarm rate, accuracy, encoding time, and matching time for all NSL-KDD records (22,544 records) by using two and three keys are equal to 89.34, 28.94, 81.46{\%}, 20, 1 s and 82.93, 11.40, 85.37{\%}, 20 and 1 s, respectively. The proposed system is evaluated and compared with previous systems and these comparisons are done based on encoding time and matching time. The outcomes showed that the detection results of the present system are faster than the previous ones.",
keywords = "DNA encoding, Feature selection, Intrusion detection system, KDD Cup 99 dataset, NSL-KDD dataset",
author = "Rashid, {Omar Fitian} and {Ali Othman}, Zulaiha and Suhaila Zainudin",
year = "2019",
month = "1",
day = "1",
doi = "10.1007/978-981-13-6031-2_23",
language = "English",
series = "Lecture Notes in Networks and Systems",
publisher = "Springer",
pages = "323--335",
booktitle = "Lecture Notes in Networks and Systems",

}

TY - CHAP

T1 - Features selection for intrusion detection system based on DNA encoding

AU - Rashid, Omar Fitian

AU - Ali Othman, Zulaiha

AU - Zainudin, Suhaila

PY - 2019/1/1

Y1 - 2019/1/1

N2 - Intrusion detection systems detect attacks inside computers and networks, where the detection of the attacks must be in fast time and high rate. Various methods proposed achieved high detection rate, this was done either by improving the algorithm or hybridizing with another algorithm. However, they are suffering from the time, especially after the improvement of the algorithm and dealing with large traffic data. On the other hand, past researches have been successfully applied to the DNA sequences detection approaches for intrusion detection system; the achieved detection rate results were very low, on other hand, the processing time was fast. Also, feature selection used to reduce the computation and complexity lead to speed up the system. A new features selection method is proposed based on DNA encoding and on DNA keys positions. The current system has three phases, the first phase, is called pre-processing phase, which is used to extract the keys and their positions, the second phase is training phase; the main goal of this phase is to select features based on the key positions that gained from pre-processing phase, and the third phase is the testing phase, which classified the network traffic records as either normal or attack by using specific features. The performance is calculated based on the detection rate, false alarm rate, accuracy, and also on the time that include both encoding time and matching time. All these results are based on using two or three keys, and it is evaluated by using two datasets, namely, KDD Cup 99, and NSL-KDD. The achieved detection rate, false alarm rate, accuracy, encoding time, and matching time for all corrected KDD Cup records (311,029 records) by using two and three keys are equal to 96.97, 33.67, 91%, 325, 13 s, and 92.74, 7.41, 92.71%, 325 and 20 s, respectively. The results for detection rate, false alarm rate, accuracy, encoding time, and matching time for all NSL-KDD records (22,544 records) by using two and three keys are equal to 89.34, 28.94, 81.46%, 20, 1 s and 82.93, 11.40, 85.37%, 20 and 1 s, respectively. The proposed system is evaluated and compared with previous systems and these comparisons are done based on encoding time and matching time. The outcomes showed that the detection results of the present system are faster than the previous ones.

AB - Intrusion detection systems detect attacks inside computers and networks, where the detection of the attacks must be in fast time and high rate. Various methods proposed achieved high detection rate, this was done either by improving the algorithm or hybridizing with another algorithm. However, they are suffering from the time, especially after the improvement of the algorithm and dealing with large traffic data. On the other hand, past researches have been successfully applied to the DNA sequences detection approaches for intrusion detection system; the achieved detection rate results were very low, on other hand, the processing time was fast. Also, feature selection used to reduce the computation and complexity lead to speed up the system. A new features selection method is proposed based on DNA encoding and on DNA keys positions. The current system has three phases, the first phase, is called pre-processing phase, which is used to extract the keys and their positions, the second phase is training phase; the main goal of this phase is to select features based on the key positions that gained from pre-processing phase, and the third phase is the testing phase, which classified the network traffic records as either normal or attack by using specific features. The performance is calculated based on the detection rate, false alarm rate, accuracy, and also on the time that include both encoding time and matching time. All these results are based on using two or three keys, and it is evaluated by using two datasets, namely, KDD Cup 99, and NSL-KDD. The achieved detection rate, false alarm rate, accuracy, encoding time, and matching time for all corrected KDD Cup records (311,029 records) by using two and three keys are equal to 96.97, 33.67, 91%, 325, 13 s, and 92.74, 7.41, 92.71%, 325 and 20 s, respectively. The results for detection rate, false alarm rate, accuracy, encoding time, and matching time for all NSL-KDD records (22,544 records) by using two and three keys are equal to 89.34, 28.94, 81.46%, 20, 1 s and 82.93, 11.40, 85.37%, 20 and 1 s, respectively. The proposed system is evaluated and compared with previous systems and these comparisons are done based on encoding time and matching time. The outcomes showed that the detection results of the present system are faster than the previous ones.

KW - DNA encoding

KW - Feature selection

KW - Intrusion detection system

KW - KDD Cup 99 dataset

KW - NSL-KDD dataset

UR - http://www.scopus.com/inward/record.url?scp=85066127170&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85066127170&partnerID=8YFLogxK

U2 - 10.1007/978-981-13-6031-2_23

DO - 10.1007/978-981-13-6031-2_23

M3 - Chapter

AN - SCOPUS:85066127170

T3 - Lecture Notes in Networks and Systems

SP - 323

EP - 335

BT - Lecture Notes in Networks and Systems

PB - Springer

ER -