CSDL Home I ICTAI 2011 2012 IEEE 24th International Conference on Tools with Artificial Intelligence
Boca Raton, Florida USA
Nov. 7, 2011 to Nov. 9, 2011
Intrusion detection systems (IDSs) are continuously evolving, with the goal of improving the security of computer infrastructures. However, one of the most significant challenges in this area is the poor detection rate, due to the presence of excessive features in a data set whose class distributions are imbalanced. Despite the relatively long existence and the promising nature of feature selection methods, most of them fail to account for imbalance class distributions, particularly, for intrusion data, leading to poor predictions for minority class samples. In this paper, we propose a new feature selection algorithm to enhance the accuracy of IDS of virtual server environments. Our algorithm assigns weights to subsets of features according to the maximized area under the ROC curve (AUC) margin it induces during the boosting process over the minority and the majority examples. The best subset of features is then selected by a greedy search strategy. The empirical experiments are carried out on multiple intrusion data sets using different commercial virtual appliances and real malwares.
intrusion detection, boosting, feature selection, imbalanced data, area under the ROC curve
Malak Alshawabkeh, Javed A. Aslam, David Kaeli, Jennifer Dy, "A Novel Feature Selection for Intrusion Detection in Virtual Machine Environments", ICTAI, 2011, 2012 IEEE 24th International Conference on Tools with Artificial Intelligence, 2012 IEEE 24th International Conference on Tools with Artificial Intelligence 2011, pp. 879-881, doi:10.1109/ICTAI.2011.138