M of N Features vs. Intrusion Detection

  • Conference paper
Computational Science and Its Applications – ICCSA 2005 (ICCSA 2005)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3480)

Abstract

To complement incomplete training audit trails, model generalization is always utilized to infer more unknown knowledge for intrusion detection. It is therefore important to evaluate model generalization with respect to the detection performance of intrusion detection. In this paper, based on a general intrusion detection methodology, M out of N features in a behavior signature are utilized to detect the behaviors (M < N) instead of using all N features. This is because M of N features in a signature can generalize the behavior model to incorporate unknown behaviors, which is useful for detecting novel intrusions outside the known behavior model. However, the preliminary experimental results show that all features of any signature should be fully utilized for intrusion detection instead of only M of them. This is because the M of N features scheme causes the behavior model to lose its behavior identification capability by detecting most behaviors as ‘anomalies’.




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Li, Z., Das, A. (2005). M of N Features vs. Intrusion Detection. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3480. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424758_103

  • DOI: https://doi.org/10.1007/11424758_103

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25860-5

  • Online ISBN: 978-3-540-32043-2

  • eBook Packages: Computer Science, Computer Science (R0)
