The Effect of Feature Selection on Detection Accuracy of Machine Learning Algorithms

Noureldien A. Noureldien, University of Science and Technology, Department of Computer Science, Omdurman, Sudan
Raghda A. Hussain, University of Science and Technology, Department of Computer Science, Omdurman, Sudan
Ahmed Khalid, Najran University, Community College, KSA

Abstract

Machine learning algorithms are commonly used to detect anomalies in network traffic. Recently, many research studies have focused on the detection performance of classification algorithms. The optimal performance of an algorithm depends on various factors, and determining the optimal detection performance for a given algorithm is a challenging research problem. In this paper an experiment was conducted to see the effect of feature selection on the detection performance of machine learning algorithms. The algorithms Trees.J48, Bayes.BayesNet, Functions.Logistic, Meta.Bagging and Rules.ZeroR are tested for their detection performance on DoS attacks in the KDDCup99 data set using different sets of features. The experimental results show that an algorithm's detection performance is dependent on the selected features and that the general detection behavior is independent of the number of selected features.

1. Introduction

Network intrusion detection aims to protect networks and systems from malicious attacks. Intrusion detection techniques can be divided into two complementary approaches: misuse detection and anomaly detection. Misuse detection systems store patterns of known attacks and scan the system data for occurrences of these patterns. Anomaly detection systems, on the other hand, work by monitoring significant deviations from the normal or expected behavior of the system or its users. An anomaly-based detection system first learns normal system or user activities and then raises an alert on system or user behaviors that deviate from the already learned activities.
The main negative aspect of anomaly-based detection systems is that they erroneously classify normal system or user behaviors as attacks, which results in false positive alarms. In anomaly detection systems, classifiers or machine learning algorithms are used to differentiate normal behavior from malicious behavior. Typically, machine learning algorithms are trained to learn normal behavior so that they can detect abnormal or malicious behavior in new data. The learning process is either supervised or unsupervised.

In supervised learning, the class labels of the training data are already known. The task of a supervised learner is to find a function that approximates the mapping between the training data and their classes so that it can predict the classes of new data. Many algorithms have been proposed for supervised learning, such as artificial neural networks [1], naïve Bayes classifiers [2], decision trees [3], K-nearest neighbor [4], support vector machines (SVMs) [5] and random forests [6].

In order to improve the learning process, before the algorithm starts training and learning, the training data set goes through several operations known as data preprocessing. One of the major techniques frequently used in data preprocessing is feature selection. Feature selection is about selecting the informative features from the data set's features and removing the irrelevant, redundant or noisy ones. By reducing the dimensionality of the data, feature selection reduces the overall computational cost, improves the performance of learning algorithms and enhances the comprehensibility of the data models. With the help of feature selection, machine learning algorithms become more scalable, reliable and accurate. Many feature selection algorithms have been proposed in the literature [7, 8, 9, 10, 11, 12, 13]. These algorithms are categorized into two groups: wrapper algorithms, which employ learning algorithms, and filter algorithms.
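
The following is an added example, not code from the paper: a filter-style feature ranking by information gain over a few constructed records that borrow KDD Cup 99 feature names, followed by a comparison of detection accuracy for different selected feature sets. The records, the discretized feature `serror_high`, and the simple lookup classifier (a stand-in for the Weka algorithms named in the abstract) are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample records (not rows from KDD Cup 99). "serror_high" is a
# hypothetical 0/1 discretization of serror_rate; the last column is the label.
FEATURES = ["protocol_type", "flag", "serror_high", "land"]
TRAIN = [
    ("tcp", "S0", 1, 0, "dos"), ("tcp", "S0", 1, 0, "dos"),
    ("tcp", "S0", 1, 0, "dos"), ("icmp", "SF", 0, 0, "dos"),
    ("tcp", "SF", 0, 0, "normal"), ("udp", "SF", 0, 0, "normal"),
    ("tcp", "SF", 0, 0, "normal"), ("udp", "SF", 0, 0, "normal"),
    ("tcp", "SF", 0, 0, "normal"),
]
TEST = [
    ("tcp", "S0", 1, 0, "dos"), ("icmp", "SF", 0, 0, "dos"),
    ("tcp", "SF", 0, 0, "normal"), ("udp", "SF", 0, 0, "normal"),
    ("tcp", "S0", 1, 0, "dos"),
]

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def info_gain(rows, feature):
    """Filter score: reduction in label entropy after splitting on one feature."""
    i = FEATURES.index(feature)
    groups = defaultdict(list)
    for r in rows:
        groups[r[i]].append(r[-1])
    cond = sum(len(g) / len(rows) * entropy(g) for g in groups.values())
    return entropy([r[-1] for r in rows]) - cond

def rank_features(rows):
    return sorted(FEATURES, key=lambda f: -info_gain(rows, f))

def accuracy(train, test, selected):
    """Majority vote per selected-feature tuple; unseen tuples get the
    training majority class (the ZeroR prediction)."""
    idx = [FEATURES.index(f) for f in selected]
    votes = defaultdict(Counter)
    for r in train:
        votes[tuple(r[i] for i in idx)][r[-1]] += 1
    default = Counter(r[-1] for r in train).most_common(1)[0][0]
    hits = 0
    for r in test:
        key = tuple(r[i] for i in idx)
        pred = votes[key].most_common(1)[0][0] if key in votes else default
        hits += pred == r[-1]
    return hits / len(test)

if __name__ == "__main__":
    print("ranking:", rank_features(TRAIN))
    for subset in (["land"], ["flag", "serror_high"], ["protocol_type", "flag"]):
        print(subset, accuracy(TRAIN, TEST, subset))
```

On this constructed data the two top-ranked features are redundant with each other, so selecting them together detects no more than `flag` alone, while a different pair of the same size separates every test record.
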

Given this enormous and increasing number of classification and feature selection algorithms, it becomes important to answer questions such as "Which classification algorithm has a high detection performance for a given attack type?", "What is the optimal feature set for a given classification algorithm that achieves best performance?", "How

1407 International Journal of Engineering Research & Technology (IJERT) Vol. 2 Issue 11, November - 2013 ISSN: 2278-0181 www.ijert.org IJERTV2IS110355