Real-Time Intrusion Detection System Using a Combination of Discretization and Feature Selection

An intrusion detection system in the cyber-networks is one of the most important lines of defense against the threats. Two main challenges in the field of intrusion detection systems are their ability to work in real-time domain and their attack detection accuracy. Elimination of non-critical features and discretization are two systematic ways to reduce the period of real-time processing and to increase the accuracy of the model. The main innovation of this paper is that eliminating of non-critical features and discretization are used simultaneously. In the proposed method, the pruned C4.5 algorithm is used as feature selection together with discretization algorithm in pre-processing phase. Experimental results on KDD cup 99 and NSL-KDD data sets, repectively showed that prediction accuracy of model in SVM, CART and Naïve Bayes algorithms after using the proposed method in the pre-processing phase, increases as 99.25% and 99.26%, 97.66% and 99.52%, 99.46% and 96.62% in that order. Also model construction time are reduced from 35.88, 0.08 and 6.64 seconds to 2.13 and 2.09, 0.01 and 0.01, 6.29 and 6.20 seconds, respectively. The results showed that the proposed system can effectively be used as a modern defense intrusion detection tool against cyber-attacks.