AbstractThe feature selection phase in network attack detection is mostly classifier based, while clustering techniques are used for labeling and creating compact training datasets. Because clustering finds natural groupings in the data, in this paper, a clustering‐based layered wrapper feature selection approach, LAWRA, has been proposed for selecting appropriate features for attack detection. The existing layered feature selection approaches in attack detection are unable to give results with high precision and recall because of the dependence on classifier accuracy, fitness value, and so on. Hence, in this paper, LAWRA uses external cluster validity indices, F‐measure, and Fowlkes–Mallows index, for feature selection. The two indices are the harmonic and geometric mean of precision and recall, respectively. Each index identifies features that give high precision and high recall of the attack detection algorithm. The first layer of LAWRA identifies the feature subset that best distinguishes between normal and attack instances and the second layer identifies the best cooperating features using cooperative game theory. Experiments have been conducted on NSL‐KDD dataset, and LAWRA has been compared with the existing approaches using different classifiers. The results show that LAWRA gives better overall accuracy and F‐measure value than the other approaches. Copyright © 2015 John Wiley & Sons, Ltd.
Read full abstract