Abstract:

In order to improve the performance of intrusion detection systems, the initial data are usually preprocessed by feature extraction so as to reduce the payload of the system and increase its detection speed. At first the rough set theory is used to give a formal description to the intrusion detection systems. Information entropy is applied to the discretization of continuous numerical attributes. Attribute features for intrusion detection are extracted by knowledge reduction. Information gain is used to control the reduction procedure of attribute features. The redundant features are eliminated effectively. The processing payload of the system is reduced and its detection effect is improved. The experiments justify that the proposed method makes the training time of the system to typical attacks for DoS and PROBING is reduced by 2.8 and 3.2 times. The detection speed of the system for two attacks is increased by 3.2 and 4.5 times.

Key words: intrusion detection；rough set；attribute reduction；information entropy