Skip to Main Content
The selection of optimal attributes from the set of all possible attributes of a network traffic is the first step to detect network intrusions. However, in order to optimize the effectiveness of intrusion detection procedure and decrease its complexity, it is still a challenge to select an optimal attribute subset. In this context, the primary problem of attribute selection is the criterion to evaluate a given attribute subset. In this work, it is presented an evaluation of Rényi and Tsallis entropy performances compared with Shannon entropy in order to obtain an optimal attribute subset that increase the capability of the Intrusion Detection System to classify the traffic as normal or as suspicious. In the experimental results, the detection accuracy and the false alarm rate almost remains the same or even becomes better depending on the attack category (e.g. in the DoS and Probing attack) when small attribute subsets are used compared when all attributes are used.