Abstract

Generally, an IDS (10) is responsible for distinguishing attack behavior from normal behavior by analyzing intrusion detection datasets. Sometimes, however, the attacker's intelligence causes the IDS to fail to identify the attack, because attackers have various methods of attack that an IDS cannot identify every time. This paper provides a divide-and-conquer feature reduction and feature selection algorithm to reduce the feature set of the large KDD 99 dataset. The reduced feature sets are then classified on a KDD dataset with the help of the Tanagra data mining tool. The proposed algorithm thus selects the important feature set and classifies with a maximized classification rate.

Every database holds records with a large number of features. Among these, some features may be irrelevant and the rest may be important. Before performing any operation on a large dataset, it is therefore very useful to reduce the database to the important feature set. Identifying the important feature sets is a more or less difficult task, but many scientists have already succeeded in developing their own techniques to identify them. In intrusion detection research, scientists generally use the KDD dataset, which has 41 features for every record and 37 different types of attacks. To reduce the feature set, we have to find hidden relationships in the dataset that may help us find the important features. In this paper, a divide-and-conquer algorithm is used to find the hidden relationships and select the important feature sets. The proposed algorithm is applied to KDD datasets for both feature selection and classification using the reduced feature sets, with the help of the Tanagra (7) tool.

Nowadays, the rapid growth of network systems calls for more security to protect information sharing and access against unauthorized access. Because most attackers behave dynamically, they succeed in accessing unauthorized information. To protect against attackers, the KDD database records most of the attackers' dynamic behavior in TCP dump format, and the datasets are then analyzed by an intrusion detection system to detect attack or normal behavior. But an IDS may take a long time to analyze the KDD dataset because of its large volume of records and 41 features. The proposed algorithm therefore selects the important feature sets and reduces the overhead an IDS incurs in analyzing the whole KDD dataset. The rest of the paper is organized as follows: Section II provides some related work, Section III gives the divide-and-conquer algorithm, Section IV provides the experimental results, and Section V concludes the paper.
