
Constructing important features from massive network traffic for lightweight intrusion detection


Efficiently processing massive data is a major challenge in high-speed network intrusion detection, as network traffic has become increasingly large and complex. In this work, instead of constructing a large number of features from massive network traffic, the authors aim to select the most important features and use them to detect intrusions quickly and effectively. The authors first employ several techniques, namely information gain (IG) and wrapper with Bayesian networks (BN) and decision trees (C4.5), to select important subsets of features for network intrusion detection based on KDD'99 data. The authors then validate the feature selection schemes in a real network test bed to detect distributed denial-of-service attacks. The feature selection schemes are extensively evaluated on the two data sets. The empirical results demonstrate that with only the 10 most important features selected from the original 41, attack detection accuracy remains almost the same or even improves with both BN and C4.5 classifiers. Constructing fewer features can also improve the efficiency of network intrusion detection.
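The information-gain filter named in the abstract can be sketched as follows. This is an added example, not the authors' code: it covers only the IG ranking step (not the BN or C4.5 wrappers), the records are constructed, the field names follow KDD'99 naming, and the binary threshold used for numeric features is an assumption, since the abstract does not say how continuous values were handled.

```python
import math
from collections import Counter, defaultdict

# Constructed sample connection records (not real KDD'99 rows).
FIELDS = ("protocol_type", "flag", "serror_rate", "count", "duration", "label")
SAMPLE = [dict(zip(FIELDS, r)) for r in [
    ("tcp", "SF",  0.0,   3, 12, "normal"),
    ("tcp", "SF",  0.0,   5,  0, "normal"),
    ("udp", "SF",  0.0,   2,  0, "normal"),
    ("tcp", "REJ", 0.1,   8, 30, "normal"),
    ("tcp", "S0",  1.0, 250,  0, "dos"),
    ("tcp", "S0",  1.0, 310,  0, "dos"),
    ("tcp", "S0",  0.9, 280,  0, "dos"),
    ("tcp", "SF",  0.0, 400,  0, "dos"),
]]

def entropy(labels):
    """Shannon entropy H(Y), in bits, of a list of class labels."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def _split_gain(groups, base, n):
    """IG = H(Y) - sum over partitions of |S_v|/|S| * H(Y | S_v)."""
    return base - sum(len(g) / n * entropy(g) for g in groups if g)

def information_gain(rows, feature, label="label"):
    """IG of one feature; numeric features use their best binary threshold."""
    labels = [r[label] for r in rows]
    base, n = entropy(labels), len(rows)
    values = [r[feature] for r in rows]
    if all(isinstance(v, (int, float)) for v in values):
        gains = []
        for t in sorted(set(values))[:-1]:       # candidate thresholds
            low = [lab for v, lab in zip(values, labels) if v <= t]
            high = [lab for v, lab in zip(values, labels) if v > t]
            gains.append(_split_gain((low, high), base, n))
        return max(gains, default=0.0)           # constant feature -> 0
    parts = defaultdict(list)                    # categorical: one group per value
    for v, lab in zip(values, labels):
        parts[v].append(lab)
    return _split_gain(parts.values(), base, n)

def rank_features(rows, k, label="label"):
    """Return the k features with the highest information gain."""
    feats = [f for f in rows[0] if f != label]
    scored = sorted(((information_gain(rows, f, label), f) for f in feats), reverse=True)
    return [(f, round(g, 3)) for g, f in scored[:k]]

if __name__ == "__main__":
    print(rank_features(SAMPLE, 3))
```

A filter like this scores each feature independently of any classifier, which is what distinguishes it from the wrapper approach, where candidate subsets are scored by the accuracy of the classifier trained on them.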
