Revealing the Influence of Feature Selection for Fast Attack Detection

Summary: The success of an intrusion detection system depends on selecting appropriate features for detecting intrusion activity. Selecting unnecessary features may cause computational issues and decrease detection accuracy. Furthermore, current research concentrates more on the detection technique than on the reasoning behind the feature selection: features are used without any discussion of their influence within the system itself. This research therefore reveals the influence of the features using a statistical approach and a comparison approach. The results indicate that the features selected in this research have a good influence and may be useful in detecting intrusion activity. After revealing the relation and influence of the features, we propose a minimum set of features that can be used to detect a fast attack.
