Identifying important characteristics in the KDD99 intrusion detection dataset by feature selection using a hybrid approach

Intrusion detection datasets play a key role in fine tuning Intrusion Detection Systems (IDSs). Using such datasets one can distinguish between regular and anomalous behavior of a given node in the network. To build this dataset is not straightforward, though, as only the most significant features of the collected data for detecting the node's behavior should be considered. We propose in this paper a technique for selecting relevant features out of KDD99 using a hybrid approach toward an optimal subset of features. Unlike existing work that only detect attack or no attack conditions, our approach efficiently identifies which sort of attack each register in the dataset refers to. The evaluation results show that the optimized subset of features can improve performance of typical IDSs.