Westphal, Charles;
Hailes, Stephen;
Musolesi, Mirco;
(2025)
Feature Selection for Network Intrusion Detection.
In: Sun, Yizhou and Chierichetti, Flavio and Lauw, Hady W and Perlich, Claudia and Tok, Wee Hyong and Tomkins, Andrew, (eds.)
Proceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining V.1.
(pp. pp. 1599-1610).
ACM
(In press).
Preview |
Text
Westphal_KDD25_FeatureSeletion.pdf - Accepted Version Download (915kB) | Preview |
Abstract
Network Intrusion Detection (NID) remains a key area of research within the information security community, while also being relevant to Machine Learning (ML) practitioners. The latter generally aim to detect attacks using network features, which have been extracted from raw network data typically using dimensionality reduction methods, such as principal component analysis (PCA). However, PCA is not able to assess the relevance of features for the task at hand. Consequently, the features available are of varying quality, with some being entirely non-informative. From this, two major drawbacks arise. Firstly, trained and deployed models have to process large amounts of unnecessary data, therefore draining potentially costly resources. Secondly, the noise caused by the presence of irrelevant features can, in some cases, impede a model’s ability to detect an attack. In order to deal with these challenges, we present Feature Selection for Network Intrusion Detection (FSNID) a novel information-theoretic method that facilitates the exclusion of non-informative features when detecting network intrusions. The proposed method is based on function approximation using a neural network, which enables a version of our approach that incorporates a recurrent layer. Consequently, this version uniquely enables the integration of temporal dependencies. Through an extensive set of experiments, we demonstrate that the proposed method selects a significantly reduced feature set, while maintaining NID performance. Code will be made available upon publication.
| Type: | Proceedings paper |
|---|---|
| Title: | Feature Selection for Network Intrusion Detection |
| Event: | KDD '25: The 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining |
| ISBN-13: | 979-8-4007-1245-6 |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1145/3690624.3709339 |
| Publisher version: | https://doi.org/10.1145/3690624.3709339 |
| Language: | English |
| Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. |
| Keywords: | Feature selection, network intrusion detection, information theory, classification. |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
| URI: | https://discovery.ucl.ac.uk/id/eprint/10211164 |
Archive Staff Only
 |
View Item |
