Abstract
An Intrusion Detection System (IDS) should guarantee high detection rates with minimal overhead for building the intrusion detection model and processing audit data. Previous approaches have mainly focused on feature selection for audit data and parameter optimization of intrusion detection models. However, feature selection and parameter optimization have been performed separately. Several hybrid approaches based on soft computing techniques can perform both together, but they incur more computational overhead. In this paper, we propose a new approach named Simultaneous Intrinsic Model Identification (SIMI), which enables one to perform both feature selection and parameter optimization together without any additional computational overhead. SIMI adopts Random Forest (RF), a promising machine learning algorithm that has shown classification rates similar to or better than those of Support Vector Machines (SVM). SIMI is able to build a lightweight intrinsic intrusion detection model with optimized parameters and features. After determining the intrinsic intrusion detection model, we visualize normal and attack patterns in two-dimensional space using Multidimensional Scaling (MDS). We carry out several experiments on the KDD 1999 intrusion detection dataset and validate the feasibility of our approach.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, D.S., Lee, S.M., Park, J.S. (2006). Toward Lightweight Intrusion Detection System Through Simultaneous Intrinsic Model Identification. In: Min, G., Di Martino, B., Yang, L.T., Guo, M., Rünger, G. (eds) Frontiers of High Performance Computing and Networking – ISPA 2006 Workshops. ISPA 2006. Lecture Notes in Computer Science, vol 4331. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11942634_100
DOI: https://doi.org/10.1007/11942634_100
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49860-5
Online ISBN: 978-3-540-49862-9
eBook Packages: Computer Science (R0)