—The feature selection phase is one of the first, and yet very important, tasks to be completed during the development of any Intrusion Detection System. If this phase is neglected, the detection performance of the entire system can drop significantly, regardless of the internal detection algorithms that are used. Our research focuses on mining the most useful network features for attack detection. Accordingly, we propose a mathematical procedure that uses statistical and fuzzy logic techniques to rank the participation of individual features into the detection process. We report our experimental findings on a set of 933 features, while using 180 different tuning parameters for each feature. The experimental results empirically confirm that our feature evaluation model can successfully be applied to mine the importance of a feature in the detection process.
Iosif-Viorel Onut, Ali A. Ghorbani