Features Evaluation for Anomaly Intrusion Detection System
Adil M. Salman
Safaa O. Al-mamory
In network security there is an essential field called intrusion detection system it is a method for detecting abnormal activities in network traffic. Another significant field in these systems is the feature selection methods which reduces the calculation time and tested data. This study introduces an evaluation of the most important features that used in intrusion detection methods of network flow to help the researchers knowing which features are important. Fifty-three different methods are investigated of feature selection and some intrusion detection methods including 39 methods that using different DARPA datasets and 14 methods using other different datasets. We also applied an experiment consists of 96 tests using WEKA 3.8.0 Software for datamining where we utilized 12 combinations of feature selection algorithms, the used datasets were KDD-CUP99 and NSL-KDD datasets. The contribution of this study is the focus on which of the features have the highest selected percentage for both the studied papers and our experiment. We have concluded that the basic features and the features based on the hosts which give the resource of the attacks was the most features that researchers used.