Attribute Reduction for Effective Intrusion Detection

  • Conference paper
Advances in Web Intelligence (AWIC 2004)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 3034)

Abstract

Computer intrusion detection is concerned with identifying computer activities that may compromise the integrity, confidentiality or availability of an IT system. Anomaly Intrusion Detection Systems (IDSs) aim at distinguishing abnormal activity from ordinary activity. However, even at a moderate site, computer activity very quickly yields gigabytes of information, overwhelming current IDSs. To make anomaly intrusion detection feasible, this paper advocates applying Rough Sets ahead of the intrusion detector, in order to filter out redundant, spurious information. Using rough sets, we have been able to successfully identify pieces of information that succinctly characterise computer activity without missing chief details. The results are very promising, since we were able to reduce the number of attributes by a factor of 3, resulting in a 66% data reduction. We have tested our approach using BSM log files borrowed from the DARPA repository.

This research is supported by three research grants CONACyT 33337-A, CONACyT-DLR J200.324/2003 and ITESM CCEM-0302-05.



Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Godínez, F., Hutter, D., Monroy, R. (2004). Attribute Reduction for Effective Intrusion Detection. In: Favela, J., Menasalvas, E., Chávez, E. (eds) Advances in Web Intelligence. AWIC 2004. Lecture Notes in Computer Science, vol 3034. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24681-7_10

  • DOI: https://doi.org/10.1007/978-3-540-24681-7_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22009-1

  • Online ISBN: 978-3-540-24681-7

  • eBook Packages: Springer Book Archive
