PhD Defence: Tarfa Hamed

Recursive Feature Addition for Synthetic, Real-World and Intrusion Detection Data Sets

Chair: Dr. Mark Wineberg

Advisor: Dr. Stefan Kremer
Co-Advisor: Dr. Rozita Dara
Non-Advisory Committee Member: Dr. Charlie Obimbo
External Examiner: Dr. Uyen Trang Nguyen [York University]

Protecting the information on the Internet is a significant objective and this significance is increasing with time. The Internet experiences many attacks every day and that is attracting all participant parties to find a solution. One of the most common solutions to provide network security is called a Network Intrusion Detection System (NIDS). Usually a NIDS utilizes a classifier to classify the data extracted from the incoming traffic to either a normal or an attack connection. To build an effective classifier so that it can successfully classify the incoming traffic and detect intrusions, the classifier needs to be fed with the most informative features from that network traffic. The feature selection phase is one of the early phases that needs to be carefully achieved. If this phase is not precisely addressed, the entire performance of the NIDS will tremendously deteriorate. However, for the NIDS that deals with new attacks, usually there are only a small number of examples with many features; this may lead to overfitting. Another problem that most feature selection methods suffer from is the challenge of finding interdependent features. Interdependent features are the features that work well only when they are used together but not alone.