Today, intrusion detection systems as one of the most important system are used in detecting attacks and upgrade network security. Usually these systems are facing with large data sets and many features. Hence, choosing the appropriate features can be suitable solution to improve their performance in detecting attacks. On the other side, the outbreak of new attacks on computer networks, continual discovery of new vulnerabilities is an inevitable problem. To deal with this problem, intrusion detection systems not only should profit the acquired knowledge from the past, but also adapt themselves with the new condition which is different from the past to detect new attacks. Using the online method to select suitable features as new attacks are occurred, can be appropriate solution to this end. In this study, in order to increase accuracy in detecting attacks, we present a new graph-based method for online feature selection. In general, the proposed method with the arrival of a limited number of samples (flow of network packets), initially irrelevant features are removed. Then in order to reduce the search space, features are clustered based on graph theory. At any stage after the arrival of new samples, new clusters include features are created who may different from pervious step. Therefore, to find the appropriate clusters (clusters that properly classify features), followed by appropriate features, the two sets of clusters are combined. It should be mentioned that the appropriate clusters, saved to the composition of the new clusters. In continuation from appropriate clusters the number of relevant features with minimum redundancy is selected. Mentioned process is repeated with the new arrival samples. The evaluation results indicate that the proposed method compared to other similar online feature selection methods, has better performance. In other words, by selecting the appropriate features lead to increase the accuracy of classification of the samples. In addition, the proposed method has less run time and is also faster compared to offline methods and lead to acceptable of the accurate in classify the samples. Key Words: Online feature selection, clustering, ensemble clustering, intrusion detection system
