Abstract—Intrusion detection is an important task for network operators in today’s Internet. Traditional network intrusion detection systems rely on either specialized signatures of previously seen attacks, or on labeled traffic datasets that are expensive and difficult to re-produce for user-profiling to hunt out network attacks. This paper presents a feature grouping method for the selection of features for intrusion detection. The method is based on mutual information theory and is tested against KDD CUP 99 dataset. It ranks the mutual information between features and uses the fuzzy C means algorithm to compose groups. The largest mutual information between each feature and a class label within a certain group is then selected. The evaluation results show that better classification performance results from such selected features.

Index Terms—Mutual information, feature grouping, intrusion detection and feature selection

Cite: Jingping Song, Zhiliang Zhu, and Chris Price, "Feature Grouping for Intrusion Detection Based on Mutual Information," Journal of Communications, vol. 9, no. 12, pp. 987-993, 2014. Doi: 10.12720/jcm.9.12.987-993