
Machine learning based Associate Feature reduction for Distributed Intrusion detection in Wireless Network

Abstract:

In the area of feature reduction for better Intrusion Detection Systems, Evolutionary Computation (EC) techniques are increasingly being used for problem solving. This proposal concerns using Evolutionary Computation based learning machines for Associate Feature Reduction in Distributed Intrusion detection, which is a problem of general interest to transportation infrastructure protection, since a necessary task thereof is to protect the computers responsible for the infrastructure's operational control, and an effective Distributed Intrusion Detection System (DIDS) is essential for ensuring network security. Two classes of learning machines for DIDSs are studied: Bayesian Learning System (BLS) and Support Vector Machines (SVMs). We attempt in this research to show that SVMs are superior to BLS in three critical respects of DIDSs: SVMs train and run an order of magnitude faster with a reduced feature set; SVMs scale better with a reduced feature set; and SVMs give higher classification accuracy. In this regard we propose a Distributed Network Intrusion Detection System (DNIDS) by associate feature reduction, which is a layered approach that helps to detect intrusion with a minimal feature set.

Problem Statement:

Feature selection is the most critical step in building intrusion detection models. During this step, the most effective attributes or features need to be extracted in order to construct suitable detection models. Since a feature set may contain features that are irrelevant to the training algorithms, choosing the optimal set of features is a key problem that many researchers face. A feature set that contains irrelevant and redundant features produces noisy data that distracts the learning algorithm, severely degrading the accuracy of the detection model and causing slow training and testing processes. Feature selection has been proven to have a significant impact on the performance of classifiers. This leaves wide scope for research into effective mechanisms for feature reduction in detection.

Existing solutions and their limits:

Duma et al. introduced a trust-aware collaboration engine for correlating intrusion alerts. Their trust management scheme uses each peer's past experience to predict the trustworthiness of others. Carol J Fung et al. proposed a set of models that use Dirichlet distributions to model peer trust, but they do not investigate conditional detection accuracy such as false positives and false negatives. Most previous approaches set a fixed length for the associate list. Others use a trust threshold to filter out less honest associates. The advantage of the threshold-based decision is its simplicity and ease of implementation. However, it is only effective in a static environment where collaborators do not change. In a dynamic environment, nodes join and leave the network and the associate list changes with time. Therefore, finding an optimal threshold is a difficult task.

In this regard there are currently two models in the literature for feature selection: the filter model and the wrapper model. The wrapper model uses the predictive accuracy of a classifier as a means to evaluate the goodness of a feature set, while the filter model uses a measure such as information, consistency, or distance measures to compute the relevance of a set of features. These approaches suffer from many drawbacks. The first major drawback is that feeding the classifier with arbitrary features may lead to biased results, and hence we cannot rely on the classifier's predictive accuracy as a measure to select features. A second drawback is that, for a set of N features, trying all possible combinations of features (2^N combinations) to find the best combination to feed the classifier is not a feasible approach.

Motivation:

Carol J Fung et al. provided a Bayesian learning technique that helps each HIDS identify expert nodes and novice nodes based on past experience with them, specifically the false positive (FP) rate and false negative (FN) rate of each collaborator. Dishonest collaborators are identified and removed from its collaborator list. We define feedback aggregation in CIDN as a decision method for whether or not to raise an alarm based on the collected opinions (feedback) from collaborator HIDSes. They also proposed a Bayesian decision model for feedback aggregation. Bayes' theorem is used to estimate the conditional probability of intrusions based on feedback from collaborators. A cost function is modeled to include the false positive decision cost and the false negative decision cost. The decision of whether or not to raise an alarm is chosen to achieve the minimal cost of false decisions.
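The feedback aggregation described above can be sketched as follows. This is an added example, not code from the proposal or from Fung et al.; the collaborator names, rates, prior and costs are constructed, and it assumes collaborators err independently given the true state.

```python
from dataclasses import dataclass
from math import prod

@dataclass(frozen=True)
class Collaborator:
    name: str
    fp_rate: float  # P(reports intrusion | no intrusion), learned from past feedback
    fn_rate: float  # P(reports no intrusion | intrusion)

def _clamp(p, eps=1e-6):
    # Keep rates away from 0 and 1 so one "perfect" peer cannot force a 0/0 posterior.
    return min(max(p, eps), 1 - eps)

def posterior_intrusion(prior, feedback):
    """Bayes estimate of P(intrusion | feedback).

    feedback is a list of (Collaborator, reported_intrusion) pairs. Assumption:
    collaborators err independently given the true state.
    """
    like_attack = prod(1 - _clamp(c.fn_rate) if said else _clamp(c.fn_rate)
                       for c, said in feedback)
    like_benign = prod(_clamp(c.fp_rate) if said else 1 - _clamp(c.fp_rate)
                       for c, said in feedback)
    num = prior * like_attack
    return num / (num + (1 - prior) * like_benign)

def raise_alarm(prior, feedback, cost_fp, cost_fn):
    """Pick the action with the lower expected cost of a false decision."""
    p = posterior_intrusion(prior, feedback)
    cost_if_alarm = cost_fp * (1 - p)   # alarm raised but no intrusion
    cost_if_silent = cost_fn * p        # no alarm but intrusion present
    return cost_if_alarm < cost_if_silent, p

# Constructed collaborators: two experts and one novice HIDS.
A = Collaborator("hids-a", fp_rate=0.05, fn_rate=0.10)
B = Collaborator("hids-b", fp_rate=0.10, fn_rate=0.15)
C = Collaborator("hids-c", fp_rate=0.40, fn_rate=0.45)

if __name__ == "__main__":
    print(raise_alarm(0.10, [(A, True), (B, True), (C, False)], cost_fp=1, cost_fn=10))
    print(raise_alarm(0.10, [(A, False), (B, False), (C, True)], cost_fp=1, cost_fn=10))
    # Same single report, different cost model: the decision flips.
    print(raise_alarm(0.01, [(A, True)], cost_fp=1, cost_fn=10))
    print(raise_alarm(0.01, [(A, True)], cost_fp=1, cost_fn=1))
```

The last two calls show why the cost function matters: with a low prior, a single expert report triggers an alarm only when a missed intrusion is priced well above a false alarm.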

Solution proposed:

Given the advantages of SVMs over BLS and the motivation gained from the Bayesian learning model proposed for effective associate management, we propose here a Distributed Network Intrusion Detection System (DNIDS) by associate feature reduction. SVMs have the following principal advantages over BLSs:

1) The solution for the large-margin discriminator has a single minimum, so the system cannot fall into a sub-optimal solution provided by a "local minimum" as a neural net can.

2) The SVM will not overtrain. Nevertheless, an SVM can still be overfit by providing it with a data set that is too small or too noisy to relate the training compounds to the property of interest, so a test set is still necessary for validation. Typically, if the number of support vectors required by an SVM model is equal or nearly equal to the number of training compounds, a researcher should seek either more data or more informative descriptors.

3) SVM models do not suffer from the susceptibility of some BLS models with too few neurons to cluster predictions at certain values or truncate their numerical range of coverage.
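The reduced feature set the proposal relies on can be produced with the filter model described under existing solutions, which scores each feature once instead of searching all 2^N subsets. The following is an added example, not part of the original proposal: it ranks features by information gain, and the connection records, feature names and threshold are constructed for illustration.

```python
from collections import Counter
from math import log2

def entropy(labels):
    n = len(labels)
    return -sum((c / n) * log2(c / n) for c in Counter(labels).values())

def information_gain(rows, labels, feature):
    """Reduction in label entropy obtained by splitting on one feature."""
    groups = {}
    for row, label in zip(rows, labels):
        groups.setdefault(row[feature], []).append(label)
    remainder = sum(len(g) / len(rows) * entropy(g) for g in groups.values())
    return entropy(labels) - remainder

def rank_features(rows, labels):
    """Score every feature independently: N evaluations, not 2^N subsets."""
    scored = [(f, information_gain(rows, labels, f)) for f in rows[0]]
    return sorted(scored, key=lambda item: item[1], reverse=True)

def select_features(rows, labels, min_gain):
    """Keep only features whose gain reaches min_gain (a hypothetical cut-off)."""
    return [f for f, gain in rank_features(rows, labels) if gain >= min_gain]

# Constructed sample: 8 connection records (flag, protocol, parity of source port).
_RAW = [
    ("S0", "tcp", "even", "attack"), ("S0", "tcp", "odd", "attack"),
    ("S0", "tcp", "even", "attack"), ("S0", "udp", "odd", "attack"),
    ("SF", "tcp", "even", "normal"), ("SF", "udp", "odd", "normal"),
    ("SF", "udp", "even", "normal"), ("SF", "udp", "odd", "normal"),
]
ROWS = [{"flag": f, "protocol": p, "src_port_parity": s} for f, p, s, _ in _RAW]
LABELS = [label for *_, label in _RAW]

if __name__ == "__main__":
    for name, gain in rank_features(ROWS, LABELS):
        print(f"{name:16s} {gain:.4f}")
    print("kept:", select_features(ROWS, LABELS, min_gain=0.1))
    print("subsets a wrapper search would face:", 2 ** len(ROWS[0]))
```

Information gain favours features with many distinct values, so identifier-like fields should be excluded or the score normalised before ranking real traffic.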

Hardware Requirements:

CPU: Core 2 Duo
RAM: 2 GB
HDD: 80 GB
OS: Any OS

Software Requirement:

OS should have a JRE (Java Runtime Environment)
Language: Java SE
IDE: NetBeans 6.5
Build Tool: Ant
