Sequential Forward Feature Selection for Intrusion Detection System, Using Ant Colony Algorithm

Intrusion detection system (IDS) is one of the most important security tools, which is used for detecting computer attacks. This System reacts based on two methods: misuse-based and anomaly-based detection. The time limitation to responding and using low efficiency algorithm is the biggest challenge for researchers to promote detection of attacks in IDS. One of the most significant stages in intrusion detection process is the accurate selection of features of IDS to promote the detection, based on these features. In this article, a new method is presented to determine the most effective features in IDS, based on misuse detection method. In this method, the features of NSL-KDD data set have been reduced by ant colony optimization in sequential forward feature selection algorithm, utilizing PART classification algorithm. For evaluating success rate of this method, a specific software in Java language was implemented, using the functions of the library of WEKA. The results compared with other successful methods show that this method increases detection accuracy rate, with concurrent detection of attack category, from 84.1% to 85.35%. Also, the detection time decreases from 0.31 seconds to less than 0.25 seconds in a data set of approximately twenty thousand members.