Journal of Computer Sciences and Applications
ISSN (Print): 2328-7268 ISSN (Online): 2328-725X Website: Editor-in-chief: Minhua Ma, Patricia Goncalves
Open Access
Journal Browser
Journal of Computer Sciences and Applications. 2013, 1(3), 33-38
DOI: 10.12691/jcsa-1-3-1
Open AccessArticle

Improving the Intrusion Detection Systems' Performance by Correlation as a Sample Selection Method

Rahimeh Rouhi1, , Farshid Keynia2 and Mehran Amiri1

1Department of Computer Engineering, Islamic Azad University, science and research branch, Kerman, Iran

2Graduate University of Advanced Technology, Kerman, Iran

Pub. Date: May 02, 2013

Cite this paper:
Rahimeh Rouhi, Farshid Keynia and Mehran Amiri. Improving the Intrusion Detection Systems' Performance by Correlation as a Sample Selection Method. Journal of Computer Sciences and Applications. 2013; 1(3):33-38. doi: 10.12691/jcsa-1-3-1


Due to a growing number of the computer networks in recent years, there has been an increasing interest in the intrusion detection systems (IDSs). In this paper we have proposed a method applied to the instance selection from KDD CUP 99 dataset which is used for evaluating the anomaly detection techniques. In order to determine the performance of proposed method in the dataset reduction, a feed forward neural network was trained by a reduced dataset to classify normal or attack records in the dataset. The most obvious finding resulted from this study is a considerable increase in the accuracy rate obtained from the neural network.

intrusion detection system (IDS) instance selection anomaly detection neural network

Creative CommonsThis work is licensed under a Creative Commons Attribution 4.0 International License. To view a copy of this license, visit


Figure of 3


[1]  Beghdad, R.,"Critical study of neural networks in detecting intrusions," Computers & Security 27. 168-175. 2008.
[2]  Bolón-Canedo, V., Sánchez-Maroño, N., Alonso-Betanzos, A.,"Feature selection and classification in multiple class datasets: An application to KDD CUP 99 dataset," Expert System with Application, 38. 5947-5957. 2011.
[3]  Chimphlee, W., HananAbdullah, A., Md Sap, M.N., Chimphlee, S., Srinoy, S., "A Rough-Fuzzy Hybrid Algorithm for computer intrusion detection," The International Arab Journal of Information Technology, 4(3): 247-253. 2007.
[4]  Nguyen, H., Franke, K., Petrović, S., "Improving effectives of intrusion detection by correlation feature selection," International Conference on Availability, Reliability and Security 10. 17-24.2010.
[5]  Chon, T.S., Kang, K.Y., Luo, J., "Correlation-based feature selection for intrusion detection design," Military Communication Conference .1-7.2007.
[6]  Debar, H., Becker, M., Siboni, D., "A neural network component for an intrusion detection system," The proceedings of the 1992 IEEE symposium on research in computer security and privacy, Oakland, CA. 240-250.1992.
[7]  Lin, M., Miikkulainen, R., Ryan, J., "Intrusion detection with neural networks," Advances in Neural Information Processing Systems. 943-949.1998.
[8]  Ryan, J., Lin, M., Miikkulainen, R., "Intrusion detection with neural networks," AI approaches to fraud detection and risk management: papers from the 1997 AAAI workshop, Providence, RI. 72-79.1997.
[9]  Ghosh, A.K., Schwartzbard, A., "A study in using neural networks for anomaly and misuse detection," The proceeding on the 8th USENIX security symposium. 1999.
[10]  Cannady, J., "Artificial neural networks for misuse detection," The proceedings of the 1998 national information systems security conference (NISSC’98).1998.
[11]  Mukkamala, S., "Intrusion detection using neural networks and support vector machine," The proceedings of the 2002 IEEE international joint conference on neural networks. 2002.
[12]  Tan, K., "The application of neural networks to UNIX computer security," Proceedings of IEEE International Conference on Neural Networks, vol. 1. 476-481.1995.
[13]  Ryan, J., Lin, M.J., Miikkulainen, R., "Intrusion detection with neural networks," Advances in Neural Information Processing Systems, 10. 943-949.1998.
[14]  Hofmann, A., Schmitz, C., Sick, B., "Rule extraction from neural networks for intrusion detection in computer networks," IEEE International Conference on Systems, Man and Cybernetics, vol. 2. 1259-1265.2003.
[15]  Liu, Z., Florez, G., Bridges, S.M., "A comparison of input representations in neural networks: a case study in intrusion detection," Proceedings of the International Joint Conference on Neural Networks (IJCNN’02), vol. 2, Honolulu, HI, USA.1708-1713.2002.
[16]  Chan, A.P.F., Ng, W.W.Y., Yeung, D.S., Tsang, E.C.C., "Comparison of different fusion approaches for network intrusion detection using ensemble of RBFNN," Proceedings of 2005 International Conference on Machine Learning and Cybernetics, vol. 6. 3846-3851.2005.
[17]  Jiang, J., Zhang, C., Kame, M., "RBF-based real-time hierarchical intrusion detection systems," Proceedings of the International Joint Conference on Neural Networks (IJCNN’03), vol. 2. 1512-1516.2003.
[18]  Langley, P., "Selection of relevant features in machine learning. Institute for the Study of Learning and Expertise," Technical Report, 94-3.1994.
[19]  Olvera-Lopez, J.A., Carrasco-Ochoa, J.A., Martinez, J.F., Kittler, J., "A review of instance selection methods," Artificial Intelligence Rev 34. 133-134.2010.
[20]  Cover, T., Hart, P., "Nearest neighbor pattern classification," IEEE Trans Information Theory 13. 21-27.1967.
[21]  Hart, P.E., "The condensed nearest neighbor rule," IEEE Trans Information Theory 14.515-516. 1968.
[22]  Chien-Hsing, C., Bo-Han, K., and Fu, C., "The generalized condensed nearest neighbor rule as a data reduction method," Proceeding of the 18th International Conference on Pattern Recognition, IEEE Computer Society, Hong-Kong. 556-559.
[23]  Wilson, D.L., "Asymptotic properties of nearest neighbor rules using edited data," IEEE Trans System Man Cybern 2.408-421.1972.
[24]  Tomek, I., "An experiment with the edited nearest-neighbor rule," IEEE Trans System Man Cybern 6-6. 448-452. 1976.
[25]  Wilson, D.R., Martinez, T.R., "Reduction techniques for instance-based learning algorithms," Mach Learn 38. 257-286.2000.
[26]  Riquelme, J.C., Aguilar-Ruíz, J.S., Toro, M., "Finding representative patterns with ordered projections," pattern recognition 36.1009-1018.2003.
[27]  Olvera-López, J.A., Carraso-Ochoa, J.A., Martínez-Trinidad, J.F., Object selection based on clustering and border objects, In: Kurzynski, M. et al. (Eds.), Computer Recognition Systems 2. ASC 45, Wroclaw, Poland.27-34.2007.
[28]  Bezdek, J.C., Kuncheva, L.I., "Nearest prototype classifier designs: an experimental study," International Journal Hybrid Intelligence System 16(12).1445-1473. 2001.
[29]  Spillmann, B., Neuhaus, M., Bunke, H., Pekalska, E., Duin, R.P.W. Transforming strings to vector spaces using prototype selection. In: Yeung al. (Eds.), SSPR&SPR, LNCS 4109. Hong-Kong. 287-296.2006.
[30]  Mollineda, R.A., Ferri, F.G., Vidal, E., "An efficient prototype merging strategy for the condensed 1-NN rule through class-conditional hierarchical clustering," Pattern Recognition 35. 2771-2782.2002.
[31]  Venmann, C.J., Reinders, M.J.T., "The nearest sub-class classifier: a compromise between the nearest mean and nearest neighbor classifier," IEEE Trans Pattern Anal Match Intelligence 27(9). 1417-1429.2005.
[32]  Richaroen, T., Lursinsap, C., "A divide-and-conquer approach to the pair wise opposite class-nearest neighbor (POC-NN) algorithm," Pattern Recognition Letter 26(10).1554-1567.2005.
[33]  Olvera-Lopez, J.A., Carrasco-Ochoa, J.A., Martinez-Trinidad, J.F., Prototype selection via prototype relevance, in: Ruiz-Shuleloper. J., Kropatch, W.G. (Eds.), CIARP. LNCS 5197, Habana, Cuba. 153-160.2008.
[34]  McHugh, J.," Testing intrusion detection system: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by Lincoln laboratory, "ACM Transactions on Information and system security, 3(4): 262-294.2000.
[35]  Tavallaee, M., Bagheri, E., Wei, L.u., Ghorbani, A., "A detailed analysis of the KDD CUP 99 dataset," Proceedings of IEEE Symposium on Computational Intelligence in Security and Defense Applications (CISDA). 2009.