X hits on this document

PDF document

Modeling Intrusion Detection Systems Using Linear Genetic Programming Approach - page 7 / 10





7 / 10

  • b.

    Lacking an analytical model that provides the basis for a mathematical formula that precisely describes the input-output relationship, y = F (x)

  • c.

    Having available a finite set of experimental data, based on which a model (e.g. neural networks) can be built for simulation and prediction purposes

Due to the lack of an analytical model, one can only seek to determine the relative importance of the input variables through empirical methods. A complete analysis would require examination of all possibilities, e.g., taking two variables at a time to analyze their dependence or correlation, then taking three at a time, etc. This, however, is both infeasible (requiring 2n experiments!) and not infallible (since the available data may be of poor quality in sampling the whole input space). We applied the technique of deleting one feature at a time (16) to rank the input features and identifying the most important ones for intrusion detection. Figures 1 and 2 gives the rank and importance towards calssification of each class respectively. Table 4 gives a brief description of the most important five features for each class. Feature ranking performance results for the individual classes are given in figures 3,4,5,6, and 7.

Fig. 1. Rank of each features for each class

Fig. 2. Feature importance towards classification for each class

Document info
Document views13
Page views13
Page last viewedFri Oct 21 20:39:53 UTC 2016