Authors: Srinivas Mukkamala and Andrew Sung (New Mexico Institute of Mining and Technology)



Intrusion detection is a critical component of secure information systems. This paper addresses the issue of identifying important input features in building an intrusion detection system (IDS). Since elimination of the insignificant and/or useless inputs leads to a simplification of the problem, faster and more accurate detection may result. Feature ranking and selection, therefore, is an important issue in intrusion detection. Since support vector machines (SVMs) tend to scale better and run faster than neural networks with higher accuracy, we apply the technique of deleting one feature at a time to perform experiments on SVMs to rank the importance of input features for the DARPA collected intrusion data. Important features for each of the 5 classes of intrusion patterns in the DARPA data are identified. It is shown that SVM-based IDSs using a reduced number of features can deliver enhanced or comparable performance. An IDS for class-specific detection based on five SVMs is proposed.
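The delete-one-feature-at-a-time ranking described above, as an added example that is not code from the paper. It assumes a linear SVM trained with the Pegasos sub-gradient method in place of the authors' SVM setup, constructed toy records in place of the DARPA data, and drop in test accuracy as the ranking criterion; all function names are hypothetical.

```python
import random

def make_data(n, rng):
    """Constructed toy records: label +1 = attack, -1 = normal.
    Feature 0 carries the signal; features 1-3 are pure noise."""
    rows = []
    for _ in range(n):
        y = rng.choice((-1, 1))
        x = [2.0 * y + rng.gauss(0, 0.3)] + [rng.uniform(-1, 1) for _ in range(3)]
        rows.append((x, y))
    return rows

def train_linear_svm(rows, keep, rng, lam=0.01, steps=3000):
    """Pegasos sub-gradient solver for a linear SVM on the columns in `keep`."""
    w = [0.0] * len(keep)
    for t in range(1, steps + 1):
        x, y = rng.choice(rows)
        xs = [x[j] for j in keep]
        eta = 1.0 / (lam * t)
        margin = y * sum(wi * xi for wi, xi in zip(w, xs))
        w = [(1 - eta * lam) * wi for wi in w]          # regularisation shrink
        if margin < 1:                                   # hinge loss is active
            w = [wi + eta * y * xi for wi, xi in zip(w, xs)]
    return w

def accuracy(w, rows, keep):
    hits = 0
    for x, y in rows:
        score = sum(wi * x[j] for wi, j in zip(w, keep))
        hits += (1 if score >= 0 else -1) == y
    return hits / len(rows)

def rank_features(train, test, n_features, seed=7):
    """Return (baseline_accuracy, [(feature, accuracy_drop), ...]), largest drop first."""
    def fit_and_score(keep):
        w = train_linear_svm(train, keep, random.Random(seed))
        return accuracy(w, test, keep)
    base = fit_and_score(list(range(n_features)))
    drops = []
    for f in range(n_features):                          # delete one feature at a time
        keep = [j for j in range(n_features) if j != f]
        drops.append((f, base - fit_and_score(keep)))
    return base, sorted(drops, key=lambda d: d[1], reverse=True)

def demo():
    rng = random.Random(1)
    train, test = make_data(300, rng), make_data(200, rng)
    return rank_features(train, test, 4)

if __name__ == "__main__":
    base, ranking = demo()
    print(f"baseline accuracy: {base:.3f}")
    for f, drop in ranking:
        print(f"feature {f}: accuracy drop when deleted = {drop:+.3f}")
```

Features whose deletion leaves accuracy essentially unchanged are candidates for removal, which is the simplification the abstract refers to.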