https://jjcit.org/paper/47
FEATURE PRUNING METHOD FOR HIDDEN MARKOV MODEL-BASED ANOMALY DETECTION: A COMPARISON OF PERFORMANCE
10.5455/jjcit.71-1539139559
Sulaiman Alhaidari, Mohamed Zohdy
Anomaly detection; Feature pruning; Hidden Markov Model; NSL-KDD; DDoS; UNSW_NB15; IoTPOT.
3
3022
879
2018-10-10
2018-08-10
Selecting effective and significant features for a Hidden Markov Model (HMM) is very important for detecting
anomalies in databases. The goal of this research is to identify the most salient and important features for building
an HMM. To improve the performance of the HMM, a feature pruning approach is proposed. This approach
is effective in detecting and classifying anomalies, and is simple and easy to implement. It also reduces
computational complexity and time without compromising model accuracy. In this work, the proposed
approach is applied to the NSL-KDD (the new version of KDD Cup 99), DDoS, IoTPOT and UNSW_NB15 data sets.
These data sets are used in a comparative study of the full feature set and a subset of significant
features. The experimental results show that the reduced feature set gives better efficiency, higher accuracy
and a lower false positive rate, while eliminating irrelevant, redundant or noisy
features.