FEATURE SELECTION FOR INTRUSION DETECTION WITH NEURAL NETWORKS AND SUPPORT VECTOR MACHINES

Computational intelligence (CI) methods are increasingly being used for problem solving, and CI-type learning machines are being used for intrusion detection. Intrusion detection is a problem of general interest to transportation infrastructure protection, since one of its necessary tasks is to protect the computers responsible for the infrastructures operational control, and an effective intrusion detection system (IDS) is essential for ensuring network security. Two classes of learning machines for IDSs are studied: artificial neural networks (ANNs) and support vector machines (SVMs). SVMs are shown to be superior to ANNs in three critical respects of IDSs: SVMs train and run an order of magnitude faster; they scale much better; and they give higher classification accuracy. A related issue is ranking the importance of input features, which is itself a problem of great interest. Since elimination of the insignificant (or useless) inputs leads to a simplified problem and possibly faster and more accurate detection, feature selection is very important in intrusion detection. Two methods for feature ranking are presented: the first one is independent of the modeling tool, while the second method is specific to SVMs. The two methods were applied to identify the important features in the 1999 Defense Advanced Research Projects Agency intrusion data set. It was shown that the two methods produce results that are largely consistent. Experimental results indicated that SVM-based IDSs with a reduced number of features can deliver enhanced or comparable performance. An SVM-based IDS for class-specific detection is proposed.

• Record URL:
  https://doi.org/10.3141/1822-05
• Summary URL:
  http://scholar.google.com/scholar_lookup?title=FEATURE+SELECTION+FOR+INTRUSION+DETECTION+WITH+NEURAL+NETWORKS+AND+SUPPORT+VECTOR+MACHINES&author=S.+Mukkamala&author=A.+Sung&publication_year=2003
• Availability:
  • Find a library where document is available. Order URL: http://www.trb.org/Main/Public/Blurbs/152357.aspx
• Supplemental Notes:
  • This paper appears in Transportation Research Record No. 1822, Transportation Security and Infrastructure Protection.
• Corporate Authors:

  Transportation Research Board

  500 Fifth Street, NW
  Washington, DC  United States  20001
• Authors:
  • Mukkamala, S
  • Sung, A H
• Publication Date: 2003

Language

• English

Media Info

• Features: Figures; References; Tables;
• Pagination: p. 33-39
• Serial:
  • Transportation Research Record
  • Issue Number: 1822
  • Publisher: Transportation Research Board
  • ISSN: 0361-1981

Subject/Index Terms

• TRT Terms: Computers; Infrastructure; Neural networks; Security; Transportation
• Uncontrolled Terms: Computational intelligence; Intrusion detection; Support vector machines
• Subject Areas: Administration and Management; Planning and Forecasting; Safety and Human Factors; Security and Emergencies; Transportation (General); I72: Traffic and Transport Planning;

Filing Info

• Accession Number: 00960126
• Record Type: Publication
• ISBN: 0309085543
• Files: TRIS, TRB, ATRI
• Created Date: Jul 21 2003 12:00AM