Selecting Features for Anomaly Intrusion Detection: A Novel Method using Fuzzy C Means and Decision Tree Classification

  • Jingping Song
  • Zhiliang Zhu
  • Peter Scully
  • Chris Price
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8300)


In this work, a new method for classification is proposed consisting of a combination of feature selection, normalization, fuzzy C means clustering algorithm and C4.5 decision tree algorithm. The aim of this method is to improve the performance of the classifier by using selected features. The fuzzy C means clustering method is used to partition the training instances into clusters. On each cluster, we build a decision tree using C4.5 algorithm. Experiments on the KDD CUP 99 data set shows that our proposed method in detecting intrusion achieves better performance while reducing the relevant features by more than 80%.


Intrusion detection Fuzzy C-Means Feature selection C4.5 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Tajbakhsh, A., Rahmati, M., Mirzaei, A.: Intrusion detection using fuzzy association rules. Applied Soft Computing 9(2), 462–469 (2009)CrossRefGoogle Scholar
  2. 2.
    Casas, P., Mazel, J., Owezarski, P.: Unsupervised network intrusion detection systems: Detecting the unknown without knowledge. Computer Communications 35(7), 772–783 (2012)CrossRefGoogle Scholar
  3. 3.
    Bolón-Canedo, V., Sánchez-Maroño, N., Alonso-Betanzos, A.: Feature selection and classification in multiple class datasets: An application to kdd cup 99 dataset. Expert Systems with Applications 38(5), 5947–5957 (2011)CrossRefGoogle Scholar
  4. 4.
    Chebrolu, S., Abraham, A., Thomas, J.P.: Feature deduction and ensemble design of intrusion detection systems. Computers & Security 24(4), 295–307 (2005)CrossRefGoogle Scholar
  5. 5.
    Mukkamala, S., Sung, A.H.: Feature ranking and selection for intrusion detection systems using support vector machines. In: Proceedings of the Second Digital Forensic Research Workshop. Citeseer (2002)Google Scholar
  6. 6.
    Lin, S.-W., Ying, K.-C., Lee, C.-Y., Lee, Z.-J.: An intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection. Applied Soft Computing 12(10), 3285–3290 (2012)CrossRefGoogle Scholar
  7. 7.
    Amiri, F., Rezaei, Y., Mohammad, M., Lucas, C., Shakery, A., Yazdani, N.: Mutual information-based feature selection for intrusion detection systems. Journal of Network and Computer Applications 34(4), 1184–1199 (2011)CrossRefGoogle Scholar
  8. 8.
    Muniyandi, A.P., Rajeswari, R., Rajaram, R.: Network anomaly detection by cascading k-means clustering and c4. 5 decision tree algorithm. Procedia Engineering 30, 174–182 (2012)CrossRefGoogle Scholar
  9. 9.
    Altwaijry, H.: Bayesian based intrusion detection system. In: IAENG Transactions on Engineering Technologies, pp. 29–44. Springer (2013)Google Scholar
  10. 10.
    Parsons, L., Haque, E., Liu, H.: Subspace clustering for high dimensional data: a review. ACM SIGKDD Explorations Newsletter 6(1), 90–105 (2004)CrossRefGoogle Scholar
  11. 11.
    Fred, A.L., Jain, A.K.: Combining multiple clusterings using evidence accumulation. IEEE Transactions on Pattern Analysis and Machine Intelligence 27(6), 835–850 (2005)CrossRefGoogle Scholar
  12. 12.
    Ester, M., Kriegel, H.-P., Sander, J., Xu, X.: A density-based algorithm for discovering clusters in large spatial databases with noise. In: KDD, vol. 96, pp. 226–231 (1996)Google Scholar
  13. 13.
    Leung, K., Leckie, C.: Unsupervised anomaly detection in network intrusion detection using clusters. In: Proceedings of the Twenty-Eighth Australasian Conference on Computer Science, vol. 38, pp. 333–342. Australian Computer Society, Inc. (2005)Google Scholar
  14. 14.
    Portnoy, L., Eskin, E., Stolfo, S.: Intrusion detection with unlabeled data using clustering. In: Proceedings of ACM CSS Workshop on Data Mining Applied to Security (DMSA 2001). Citeseer (2001)Google Scholar
  15. 15.
    Kayacik, H.G., Zincir-Heywood, A.N., Heywood, M.I.: Selecting features for intrusion detection: a feature relevance analysis on kdd 99 intrusion detection datasets. In: Proceedings of the Third Annual Conference on Privacy, Security and Trust. Citeseer (2005)Google Scholar
  16. 16.
    Cho, J., Lee, C., Cho, S., Song, J.H., Lim, J., Moon, J.: A statistical model for network data analysis: Kdd cup 99data evaluation and its comparing with mit lincoln laboratory network data. Simulation Modelling Practice and Theory 18(4), 431–435 (2010)CrossRefGoogle Scholar
  17. 17.
    Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.-A.: A detailed analysis of the kdd cup 99 data set. In: Proceedings of the Second IEEE Symposium on Computational Intelligence for Security and Defence Applications (2009)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Jingping Song
    • 1
    • 2
  • Zhiliang Zhu
    • 1
  • Peter Scully
    • 2
  • Chris Price
    • 2
  1. 1.Software CollegeNortheastern UniversityShenyangChina
  2. 2.Department of Computer ScienceAberystwyth UniversityUK

Personalised recommendations