Building an Effective Intrusion Detection System using Genetic Algorithm based Feature Selection

Mr. Prakash N Kalavadekar, Research Scholar
Dr. Shirish S. Sane
K.K Wagh Institute of Engineering Education & Research, Nashik
Savitribai Phule Pune University, India
kprak3004@gmail.com, sssane@kkwagh.edu.in

Abstract-Conventional intrusion prevention methods such as firewalls, cryptographic techniques and access management schemes have not proved able to completely defend networks and systems from refined malware and attacks. Intrusion Detection Systems (IDS) provide a better solution to these issues and have thus become an important element of any security infrastructure, detecting such threats so as to prevent widespread harm. The basic aim of an IDS is to detect attacks and their nature and to prevent damage to computer systems. A signature-based IDS builds a classifier model using training data. The trained model is then used to detect and classify various attacks. As in any other classification application, the issue in building such an IDS is to pre-process the training dataset by selecting only a handful of important features, so that a compact model can be built in the least amount of time without degradation in detection rate, accuracy etc. Several different algorithms are available for feature selection. FMIFS is one such reported feature selection approach. This paper investigates the performance of an IDS that employs a genetic algorithm for feature selection. The empirical results presented here are encouraging and show the superiority of genetic algorithm based feature selection over FMIFS and other state-of-the-art feature selection algorithms with respect to the time required to build the model, detection rate, accuracy, false positive rate and F-measure.

Keywords: Intrusion Detection, Security, Signature, Features.

I. INTRODUCTION

Security attacks are classified into two types: passive and active.
Passive attacks are usually invisible (hidden) and tap the communication link to gather data or destroy the network functioning. Passive attacks are classified as eavesdropping, tampering, traffic monitoring and analysis. Active attacks affect the operations within the network [1]. The performance of networking services may be degraded or come to a halt because of these attacks. Active attacks are classified as hole attacks, Denial-of-Service (DoS), jamming, flooding etc.

The security solutions for the two types of networks (wireless or wired) are as given below:

Prevention: This provides protection before any attack happens. A signature-based technique can be used to protect against the targeted attack.

Detection: If an attacker breaks through the precautions put in place by the prevention system, then defending against such attacks is difficult. At this point, the security solution would immediately use its 'detection' part to find which parts of the nodes are being compromised.

Mitigation: In this step the affected nodes are removed from the network and the network is secured [18].

In any security system, if prevention does not stop intrusions, then the detection system is used for further processing. Detection means finding suspicious behavior of a user during network communications. In the security setup, an IDS offers information to the other systems, such as identification, location (a single node or a group of nodes from a particular region), time of the intrusion, type of intrusion (active or passive), specific attack name, and the OSI layer (such as physical, data link, network) from which the attack happened. This data is very useful in defense, for example in mitigating and analyzing the results of attacks. So, the IDS plays an important role in network security.
Intrusion is referred to as: “any set of actions that plan to compromise the integrity, confidentiality, or handiness of a resource”, and intrusion prevention techniques such as encoding, authentication, access management, secure routing, etc. are part of the initial phase of defense against intrusions. But still, security systems do not fully prevent intrusions. Disclosure of security keys to intruders can compromise the security of nodes, which breaks the defined preventive security mechanism. So the IDS plays the role of disclosing intrusions in order to protect important system resources. The IDS should possess: “low false positive rate, calculated because the proportion of normalcy variations detected as anomalies,

International Journal of Computer Science and Information Security (IJCSIS), Vol. 16, No. 7, July 2018
https://sites.google.com/site/ijcsis/ ISSN 1947-5500