New class-dependent feature transformation for intrusion detection systems


Mehdi Mohammadi, Department of Computer Engineering, Iran University of Science and technology, University Road, Hengam Street, Resalat Square, Tehran, Iran.



Intrusion Detection Systems (IDS) mainly focus on the original features extracted from the communications networks without complex pre-processing. In this paper, we propose new methods for class-dependent feature transformation to improve the accuracy of the IDS. In the previously known class-dependent feature transformation methods, the mapping process is accomplished by employing separate mapping matrices for each class of the dataset. In the training phase, samples of each class is mapped using only the corresponding matrix, whereas, in the test phase, each sample is mapped using all transformation matrices. This may lead to inaccuracy in classification. We modify the training and test phases of the class-dependent methods to extract more information from the dataset in the training phase that the other class-dependent methods ignore. Unlike the previously known class-dependent methods, the training and test phases of our proposed methods are very similar. We evaluate the performance of the proposed methods by measuring Mutual Information, and Maximum-Relevancy Minimum-Redundancy Information on a benchmark dataset for intrusion detection, namely NSL-KDD dataset, and on three different types of classifiers: distance-based, neural network-based, and decision tree-based classifiers. The experimental results demonstrate that the classifiers trained on the dataset transformed by our proposed feature transformation methods are more accurate in detecting intruders. In all experiments, the proposed methods perform better than their peers in increasing the classifier accuracy and reducing the false alarm of the detection process. Copyright © 2011 John Wiley & Sons, Ltd.