Attribute Reduction for Effective Intrusion Detection

Computer intrusion detection is concerned with identifying computer activities that may compromise the integrity, confidentiality or availability of an IT system. Anomaly Intrusion Detection Systems (IDSs) aim to distinguish abnormal activity from ordinary activity. However, even at a moderately sized site, computer activity very quickly yields gigabytes of information, overwhelming current IDSs. To make anomaly intrusion detection feasible, this paper advocates applying Rough Sets before the intrusion detector in order to filter out redundant, spurious information. Using rough sets, we have been able to identify pieces of information that succinctly characterise computer activity without missing chief details. The results are very promising: we were able to reduce the number of attributes by a factor of 3, resulting in a 66% data reduction. We have tested our approach using BSM log files borrowed from the DARPA repository.
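
The following is an added example, not code or data from the paper: it computes rough-set reducts (minimal attribute subsets that classify the events as well as the full attribute set) on a small decision table. The attribute names and rows are constructed for illustration, and the exhaustive search is an assumption that suits only small tables; the paper's own reduct algorithm is not stated on this page.

```python
from itertools import combinations

# Constructed decision table (not data from the paper): hypothetical
# BSM-style audit attributes per event, with the class label last.
ATTRS = ("event", "uid", "euid", "ret", "path_class")
ROWS = [
    ("execve", "user", "user", "ok",  "bin",  "normal"),
    ("execve", "user", "root", "ok",  "bin",  "attack"),
    ("open",   "user", "user", "ok",  "home", "normal"),
    ("open",   "user", "user", "err", "etc",  "attack"),
    ("open",   "root", "root", "ok",  "etc",  "normal"),
    ("execve", "root", "root", "ok",  "bin",  "normal"),
    ("open",   "user", "user", "ok",  "etc",  "normal"),
    ("open",   "user", "root", "ok",  "etc",  "attack"),
]

def dependency(rows, cols):
    """Dependency degree: share of rows whose equivalence class under the
    attributes `cols` (column indexes) carries a single label."""
    classes = {}
    for r in rows:
        classes.setdefault(tuple(r[c] for c in cols), []).append(r[-1])
    consistent = sum(len(v) for v in classes.values() if len(set(v)) == 1)
    return consistent / len(rows)

def reducts(rows, attrs):
    """All minimal attribute subsets that keep the full dependency degree."""
    idx = range(len(attrs))
    full = dependency(rows, tuple(idx))
    found = []
    for k in range(1, len(attrs) + 1):
        for cols in combinations(idx, k):
            if any(set(f) <= set(cols) for f in found):
                continue  # a superset of a known reduct is not minimal
            if dependency(rows, cols) == full:
                found.append(cols)
    return [tuple(attrs[c] for c in cols) for cols in found]

def core(rows, attrs):
    """Attributes whose removal lowers the dependency degree; these
    appear in every reduct."""
    idx = tuple(range(len(attrs)))
    full = dependency(rows, idx)
    return tuple(attrs[c] for c in idx
                 if dependency(rows, tuple(i for i in idx if i != c)) < full)

if __name__ == "__main__":
    print("reducts:", reducts(ROWS, ATTRS))
    print("core:   ", core(ROWS, ATTRS))
```

On this constructed table, two of the five attributes are redundant for separating the labelled events, so only the reduct's columns would need to be passed to the detector.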
