
Feature Selection Using Information Gain for Improved Structural-Based Alert Correlation

Author

Listed:
  • Taqwa Ahmed Alhaj
  • Maheyzah Md Siraj
  • Anazida Zainal
  • Huwaida Tagelsir Elshoush
  • Fatin Elhaj

Abstract

Grouping and clustering alerts for intrusion detection based on the similarity of features is referred to as structural-based alert correlation and can discover a list of attack steps. Previous researchers selected different features and data sources manually based on their knowledge and experience, which led to less accurate identification of attack steps and inconsistent performance of clustering accuracy. Furthermore, the existing alert correlation systems deal with a huge amount of data that contains null values, incomplete information, and irrelevant features, causing the analysis of the alerts to be tedious, time-consuming and error-prone. Therefore, this paper focuses on selecting accurate and significant features of alerts that are appropriate to represent the attack steps, thus enhancing the structural-based alert correlation model. A two-tier feature selection method is proposed to obtain the significant features. The first tier aims at ranking the subset of features based on high information gain entropy in decreasing order. The second tier extends additional features with a better discriminative ability than the initially ranked features. Performance analysis results show the significance of the selected features in terms of the clustering accuracy using the 2000 DARPA intrusion detection scenario-specific dataset.

Suggested Citation

  • Taqwa Ahmed Alhaj & Maheyzah Md Siraj & Anazida Zainal & Huwaida Tagelsir Elshoush & Fatin Elhaj, 2016. "Feature Selection Using Information Gain for Improved Structural-Based Alert Correlation," PLOS ONE, Public Library of Science, vol. 11(11), pages 1-18, November.
  • Handle: RePEc:plo:pone00:0166017
    DOI: 10.1371/journal.pone.0166017

    Download full text from publisher

    File URL: https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0166017
    Download Restriction: no

    File URL: https://journals.plos.org/plosone/article/file?id=10.1371/journal.pone.0166017&type=printable
    Download Restriction: no


    Citations



    Cited by:

    1. Sangjin Kim & Jong-Min Kim, 2019. "Two-Stage Classification with SIS Using a New Filter Ranking Method in High Throughput Data," Mathematics, MDPI, vol. 7(6), pages 1-16, May.
    2. Mongkhon Thakong & Suphakant Phimoltares & Saichon Jaiyen & Chidchanok Lursinsap, 2018. "One-pass-throw-away learning for cybersecurity in streaming non-stationary environments by dynamic stratum network," PLOS ONE, Public Library of Science, vol. 13(9), pages 1-20, September.
    3. Xuyang Teng & Hongbin Dong & Xiurong Zhou, 2017. "Adaptive feature selection using v-shaped binary particle swarm optimization," PLOS ONE, Public Library of Science, vol. 12(3), pages 1-22, March.
    4. Theocharis Stylianos Spyropoulos & Christos Andras & Persefoni Polychronidou, 2022. "An Analysis of Start-Up Founders Perceptions Based on Entropy Ratios - Evidence from the Greek IT Market," European Research Studies Journal, European Research Studies Journal, vol. 0(3), pages 500-516.
    5. Chuang Song & Chen Yu & Zhenhong Li & Stefano Utili & Paolo Frattini & Giovanni Crosta & Jianbing Peng, 2022. "Triggering and recovery of earthquake accelerated landslides in Central Italy revealed by satellite radar observations," Nature Communications, Nature, vol. 13(1), pages 1-12, December.
