Constructing important features from massive network traffic for lightweight intrusion detection

IET Information Security

Efficiently processing massive data is a major challenge in high-speed network intrusion detection, as network traffic has become increasingly large and complex. In this work, instead of constructing a large number of features from massive network traffic, the authors aim to select the most important features and use them to detect intrusions in a fast and effective manner. The authors first employ several techniques, namely information gain (IG) and wrappers with Bayesian networks (BN) and decision trees (C4.5), to select important subsets of features for network intrusion detection based on KDD'99 data. The authors then validate the feature selection schemes in a real network test bed to detect distributed denial-of-service attacks. The feature selection schemes are extensively evaluated on the two data sets. The empirical results demonstrate that with only the 10 most important features selected from the original 41, the attack detection accuracy remains almost the same or even improves with both BN and C4.5 classifiers. Constructing fewer features can also improve the efficiency of network intrusion detection.
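The information gain filter named in the abstract can be sketched as follows. This is an added example, not the authors' code: the records are constructed in the style of KDD'99 connection records, only five of the 41 feature names are used, and equal-width binning of numeric features is an assumption, since the abstract does not say how continuous features are handled.

```python
import math
from collections import Counter, defaultdict

# Constructed sample in the style of KDD'99 connection records (not real data).
# Columns are a small subset of the 41 KDD'99 features plus the class label.
FEATURES = ["protocol_type", "service", "flag", "src_bytes", "count"]
RECORDS = [
    ("tcp", "http", "SF", 215, 1, "normal"),
    ("tcp", "http", "SF", 162, 2, "normal"),
    ("tcp", "smtp", "SF", 1022, 1, "normal"),
    ("udp", "domain_u", "SF", 44, 3, "normal"),
    ("tcp", "http", "S0", 0, 255, "attack"),
    ("tcp", "http", "S0", 0, 248, "attack"),
    ("tcp", "private", "S0", 0, 511, "attack"),
    ("icmp", "ecr_i", "SF", 1032, 511, "attack"),
]

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def discretize(values, bins=3):
    """Equal-width binning for numeric features (an assumption of this example)."""
    lo, hi = min(values), max(values)
    width = (hi - lo) / bins or 1
    return [min(int((v - lo) / width), bins - 1) for v in values]

def information_gain(column, labels):
    """IG(Y; X) = H(Y) - sum_x p(x) H(Y | X = x)."""
    if all(isinstance(v, (int, float)) for v in column):
        column = discretize(column)
    groups = defaultdict(list)
    for value, label in zip(column, labels):
        groups[value].append(label)
    conditional = sum(len(g) / len(labels) * entropy(g) for g in groups.values())
    return entropy(labels) - conditional

def rank_features(records, names, k):
    """Return the k features with the highest information gain, best first."""
    labels = [r[-1] for r in records]
    scores = {name: information_gain([r[i] for r in records], labels)
              for i, name in enumerate(names)}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)[:k]

if __name__ == "__main__":
    for name, score in rank_features(RECORDS, FEATURES, k=3):
        print(f"{name:15s} {score:.3f}")
```

On this sample `src_bytes` scores zero because the coarse bins mix both classes, which shows how much a filter ranking depends on the discretization chosen.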

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2014.0353