The Feature Selection and Intrusion Detection Problems

Conference paper
Advances in Computer Science - ASIAN 2004. Higher-Level Decision Making (ASIAN 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3321))

Abstract

Cyber security is a serious global concern. The potential of cyber terrorism has posed a threat to national security; meanwhile the increasing prevalence of malware and incidents of cyber attacks hinder the utilization of the Internet to its greatest benefit and incur significant economic losses to individuals, enterprises, and public organizations. This paper presents some recent advances in intrusion detection, feature selection, and malware detection.

In intrusion detection, stealthy and low-profile attacks that use only a few carefully crafted packets spread over an extended period of time, in order to evade firewalls and the intrusion detection system (IDS), have been difficult to detect. In protection against malware (trojans, worms, viruses, etc.), detecting polymorphic and metamorphic variants of known malware with static scanners is a major challenge.

We present in this paper an agent based IDS architecture that is capable of detecting probe attacks at the originating host and denial of service (DoS) attacks at the boundary controllers. We investigate and compare the performance of different classifiers implemented for intrusion detection purposes. Further, we study the performance of the classifiers in real-time detection of probes and DoS attacks, with respect to intrusion data collected on a real operating network that includes a variety of simulated attacks.

Feature selection is as important for IDS as it is for many other modeling problems. We present several techniques for feature selection and compare their performance in the IDS application. It is demonstrated that, with appropriately chosen features, both probes and DoS attacks can be detected in real time or near real time at the originating host or at the boundary controllers.

We also briefly present some encouraging recent results in detecting polymorphic and metamorphic malware with advanced static, signature-based scanning techniques.

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

Cite this paper

Sung, A.H., Mukkamala, S. (2004). The Feature Selection and Intrusion Detection Problems. In: Maher, M.J. (eds) Advances in Computer Science - ASIAN 2004. Higher-Level Decision Making. ASIAN 2004. Lecture Notes in Computer Science, vol 3321. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30502-6_34

  • DOI: https://doi.org/10.1007/978-3-540-30502-6_34

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24087-7

  • Online ISBN: 978-3-540-30502-6

  • eBook Packages: Computer Science (R0)