Effects-based feature identification for network intrusion detection

Intrusion detection systems (IDS) are an important element in a network's defences to help protect against increasingly sophisticated cyber attacks. IDS that rely solely on a database of stored known attacks are no longer sufficient for effectively detecting modern day threats. This paper presents a novel anomaly detection technique that can be used to detect previously unknown attacks on a network by identifying attack features. This effects-based feature identification method uniquely combines k-means clustering, Naive Bayes feature selection and C4.5 decision tree classification for pinpointing cyber attacks with a high degree of accuracy in order to increase the situational awareness of cyber network operators.