An Intrusion Detection System implemented with Instance Selection based on Locality Sensitive Hashing for Data Reduction

Abstract:
Intrusion Detection Systems (IDS) play an important role in cybersecurity as they are used to detect cybersecurity attacks in networks. The research community has investigated and proposed a large variety of IDS designs using machine learning, deep learning, information theory measures and so on. Preferable features in IDS are high detection accuracy of the intrusion, short detection time and computing efficiency. This paper proposes the application of a new algorithm for instance selection recently proposed in literature, but never applied to IDS to the best of our knowledge. Instance selection identifies a subset of the initial data set which is able to achieve or improve the original purpose (e.g., identification accuracy) of the machine learning application as if the whole data had been used. The algorithm is applied to the recently published CICIDS2017 data set for three attacks: Denial of Service (DoS), Distributed Denial of Service (DDoS) and Port Scan. For most of the attacks and metrics, the application of the instance selection algorithm improves the detection accuracy of the cybersecurity attacks in terms of Error Rate (ER), False Positive Rate (FPR) and False Negative Rate (FNR).