Feature Selection Algorithm For Intrusion Detection Using Cuckoo Search Algorithm

Abstract

High-dimensional data requires a lengthy computation time and is more difficult to model, analyze and visualize. Feature selection algorithm is needed in order to obtain the best features and eliminate irrelevant ones. In this paper, we implement a feature selection algorithm for network intrusion data, in order to detect intrusions on real time network traffic using high accuracy and real time speed. This is very difficult to do if the processed data has a very large number of features.Feature selection algorithm generally consists of two parts: attribute evaluation and search method. Attribute evaluation is the process of scoring the different feature subsets while search methods is used to propose new feature subsets. We apply a Cuckoo Search (CS) as feature selection algorithm into three intrusion datasets: KDD Cup 99, NSL-KDD and Botnet ISCX 2017. We compare the performance of the Cuckoo Search (CS) algorithm with other two Evolutionary Algorithms: Genetic Algorithm (GA) and Particle Swarm Optimization (PSO). Our experiments show that CS is better than GA and PSO in reducing the number of intrusion dataset features (ISCX2017) from 79 attributes to 11 (13.9% of the original attributes). In the KDDCup '99 dataset, the CS algorithm reduces the number of attributes from 41 to 13 (31.7% of the original attribute) and in the NSL-KDD dataset, the CS algorithm reduces the number of attributes from 41 to 9 (21.9% of the original attribute). In terms of classification performance, CS is better than PSO in the ISCX2017 botnet dataset, while PSO is superior to CS and GA in the KDDCup '99 and NSL-KDD intrusion datasets.