Dimensionality reduction for denial of service detection problems using RBFNN output sensitivity

In this paper, we have presented a feature importance ranking methodology based on the stochastic radial basis function neural network output sensitivity measure and have shown, for the 10% training set of the DARPA network intrusion detection data set prepared by MIT Lincoln Labs, that 33 out of 41 features (more than 80% dimensionality reduction) can be removed without causing great harm to the classification accuracy of denial of service (DoS) attacks and normal packets (false positives rise from 0.7% to 0.93%). The reduced feature subset leads to more generalized and less complex model for classifying DoS and normal. Exploratory discussions on the relevancy of the selected features and the DoS attack types are presented.

[1]  Sushil Jajodia,et al.  Applications of Data Mining in Computer Security , 2002, Advances in Information Security.

[2]  Rocky K. C. Chang,et al.  Defending against flooding-based distributed denial-of-service attacks: a tutorial , 2002, IEEE Commun. Mag..

[3]  Simon Haykin,et al.  Neural Networks: A Comprehensive Foundation , 1998 .

[4]  D.S. Yeung,et al.  Statistical output sensitivity to input and weight perturbations of radial basis function neural networks , 2002, IEEE International Conference on Systems, Man and Cybernetics.

[5]  D.S. Yeung,et al.  Input dimensionality reduction for radial basis neural network classification problems using sensitivity measure , 2002, Proceedings. International Conference on Machine Learning and Cybernetics.

[6]  Andrew H. Sung,et al.  Detecting denial of service attacks using support vector machines , 2003, The 12th IEEE International Conference on Fuzzy Systems, 2003. FUZZ '03..