Online Feature Ranking for Intrusion Detection Systems
This work addresses the need for adaptive intrusion detection in cybersecurity, though it appears incremental as it builds on existing SVM methods for a specific domain.
The paper tackled the problem of static feature selection in intrusion detection systems by proposing an online feature ranking technique using incremental SVM learning, which adapts to dynamic network data and novel attacks, as demonstrated on two benchmark datasets.
Many current approaches to the design of intrusion detection systems apply feature selection in a static, non-adaptive fashion. These methods often neglect the dynamic nature of network data which requires to use adaptive feature selection techniques. In this paper, we present a simple technique based on incremental learning of support vector machines in order to rank the features in real time within a streaming model for network data. Some illustrative numerical experiments with two popular benchmark datasets show that our approach allows to adapt to the changes in normal network behaviour and novel attack patterns which have not been experienced before.