Category-Based Selection of Effective Parameters for Intrusion Detection

Summary: Existing intrusion detection techniques emphasize building the intrusion detection model from all of the features provided. In feature-based intrusion detection, some of the selected features may be found to be redundant and useless. Feature selection can reduce computation power requirements and model complexity. This paper proposes a category-based selection of effective parameters for intrusion detection using the principal components analysis method. In this paper, 32 basic features are selected from the TCP/IP header. Tcpdump data from the DARPA 1998 dataset is used in the experiments as the test data. The Principal Components Analysis (PCA) method is used to determine an optimal feature set. Experimental results show that feature reduction can improve the detection rate for the category-based detection approach while maintaining detection accuracy within an acceptable range. Feature reduction will considerably speed up the training and testing processes of the attack identification system. The results presented in this paper show that the normal state of the network and the category of the attacks can be identified using a small number of carefully selected network features.
