Abstract
Cyber security is a serious global concern. The potential of cyber terrorism poses a threat to national security; meanwhile the increasing prevalence of malware and incidents of cyber attacks hinder the utilization of the Internet to its greatest benefit and incur significant economic losses to individuals, enterprises, and public organizations. This paper presents some recent advances in intrusion detection, feature selection, and malware detection.
In intrusion detection, stealthy and low-profile attacks that involve only a few carefully crafted packets spread over an extended period of time, so as to evade firewalls and the intrusion detection system (IDS), have been difficult to detect. In protection against malware (trojans, worms, viruses, etc.), detecting polymorphic and metamorphic versions of recognized malware with static scanners is a great challenge.
We present in this paper an agent-based IDS architecture that is capable of detecting probe attacks at the originating host and denial of service (DoS) attacks at the boundary controllers. We investigate and compare the performance of different classifiers implemented for intrusion detection purposes. Further, we study the performance of the classifiers in real-time detection of probes and DoS attacks, using intrusion data collected on a real operating network that includes a variety of simulated attacks.
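Stealthy probes of the kind described above spread their packets over a long period precisely so that short-window counters never see enough of them at once. As an added example (not code from the paper, and not the agent architecture it presents), the following Python detector keeps a per-source sliding window of distinct destination (host, port) targets and flags a source once that count reaches a threshold; run over constructed flow records it shows that the same slow scan is invisible with a one-minute window and visible with a one-hour window. The record format, addresses, window length and threshold are all assumptions made for the illustration.

```python
from collections import defaultdict, deque

# Constructed flow records (not from the paper): "epoch_seconds src dst dport".
# 10.0.0.7 probes one new port on 192.168.1.10 every 5 minutes (a slow scan).
# 10.0.0.5 is a busy but benign client that only ever talks to ports 80 and 443.
SAMPLE_FLOWS = [f"{t * 300} 10.0.0.7 192.168.1.10 {21 + t}" for t in range(12)]
SAMPLE_FLOWS += [f"{t * 30} 10.0.0.5 192.168.1.20 {80 if t % 2 else 443}"
                 for t in range(120)]


def parse_flow(line):
    """Split one constructed record into (timestamp, src, dst, dport)."""
    ts, src, dst, dport = line.split()
    return int(ts), src, dst, int(dport)


def detect_slow_probes(lines, window_s, threshold):
    """Return {source: first_timestamp_flagged} for every source that touched
    at least `threshold` distinct (dst, dport) targets within any `window_s`
    second span.  The window is what decides whether a slow scan is visible."""
    flows = sorted(parse_flow(line) for line in lines)   # process in time order
    recent = defaultdict(deque)      # src -> deque of (ts, (dst, dport)) inside the window
    flagged = {}
    for ts, src, dst, dport in flows:
        q = recent[src]
        q.append((ts, (dst, dport)))
        while q and q[0][0] < ts - window_s:             # expire events older than the window
            q.popleft()
        distinct_targets = {target for _, target in q}
        if len(distinct_targets) >= threshold and src not in flagged:
            flagged[src] = ts
    return flagged


if __name__ == "__main__":
    # A 60 s window sees at most one probe packet at a time; a 3600 s window sees the pattern.
    print("60 s window :", detect_slow_probes(SAMPLE_FLOWS, window_s=60, threshold=8))
    print("3600 s window:", detect_slow_probes(SAMPLE_FLOWS, window_s=3600, threshold=8))
```

The memory cost is one deque per active source, so in practice the window length is bounded by how many sources must be tracked; the paper's observation that such probes are best caught at the originating host fits this, since that host sees all of its own outbound flows and only its own.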
Feature selection is as important for IDS as it is for many other modeling problems. We present several techniques for feature selection and compare their performance in the IDS application. It is demonstrated that, with appropriately chosen features, both probes and DoS attacks can be detected in real time or near real time at the originating host or at the boundary controllers.
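The feature selection step described above, as an added example that is not from the paper: it ranks connection-level features by single-split information gain (a decision-stump criterion, used here to illustrate the idea rather than the paper's own ranking methods) on constructed records, keeps the features whose gain clears a cutoff, and then compares a nearest-centroid classifier trained on that subset with one trained on all features. The feature names, the three traffic profiles, the gain cutoff and the classifier are all assumptions made for the illustration.

```python
import math
import random
from collections import Counter

# Assumed connection-level features; the last two are constructed as pure noise.
FEATURES = ["src_bytes", "count", "serror_rate", "diff_srv_rate", "duration", "hour"]


def make_records(seed, per_class=30):
    """Constructed connection records (not the paper's data): normal clients,
    a SYN-flood style DoS (many half-open connections, high SYN-error rate) and
    a port sweep (many connections to different services)."""
    rng = random.Random(seed)
    profiles = {
        "normal": lambda: [rng.uniform(200, 2000), rng.randint(1, 5), rng.uniform(0, 0.1), rng.uniform(0, 0.2)],
        "dos":    lambda: [rng.uniform(0, 100), rng.randint(100, 500), rng.uniform(0.8, 1.0), rng.uniform(0, 0.2)],
        "probe":  lambda: [rng.uniform(0, 50), rng.randint(20, 60), rng.uniform(0, 0.3), rng.uniform(0.7, 1.0)],
    }
    records = []
    for label, gen in profiles.items():
        for _ in range(per_class):
            records.append((gen() + [rng.uniform(0, 10), rng.randint(0, 23)], label))
    return records


def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def split_gain(values, labels):
    """Best single-threshold information gain for one feature (decision-stump criterion)."""
    base = entropy(labels)
    pairs = sorted(zip(values, labels))
    best = 0.0
    for i in range(1, len(pairs)):
        if pairs[i - 1][0] == pairs[i][0]:
            continue                      # no threshold can fall between equal values
        left = [lab for _, lab in pairs[:i]]
        right = [lab for _, lab in pairs[i:]]
        cond = (len(left) * entropy(left) + len(right) * entropy(right)) / len(pairs)
        best = max(best, base - cond)
    return best


def rank_features(records):
    labels = [y for _, y in records]
    gains = {f: split_gain([x[i] for x, _ in records], labels) for i, f in enumerate(FEATURES)}
    return sorted(gains.items(), key=lambda kv: -kv[1])   # stable sort: ties keep FEATURES order


def select_features(ranked, min_gain=0.5):
    """Keep every feature whose best-split gain exceeds the (assumed) cutoff."""
    return [f for f, g in ranked if g > min_gain]


def nearest_centroid_accuracy(train, test, features):
    """Min-max scale the chosen features on the training set, build one centroid
    per class, and report test accuracy of nearest-centroid classification."""
    idx = [FEATURES.index(f) for f in features]
    lo = [min(x[i] for x, _ in train) for i in idx]
    hi = [max(x[i] for x, _ in train) for i in idx]

    def scale(x):
        return [(x[i] - l) / (h - l) if h > l else 0.0 for i, l, h in zip(idx, lo, hi)]

    by_class = {}
    for x, y in train:
        by_class.setdefault(y, []).append(scale(x))
    centroids = {y: [sum(col) / len(col) for col in zip(*rows)] for y, rows in by_class.items()}

    def predict(x):
        s = scale(x)
        return min(centroids, key=lambda y: sum((a - b) ** 2 for a, b in zip(s, centroids[y])))

    return sum(predict(x) == y for x, y in test) / len(test)


if __name__ == "__main__":
    train, test = make_records(seed=1), make_records(seed=2)
    ranked = rank_features(train)
    for name, gain in ranked:
        print(f"{name:14s} gain={gain:.3f}")
    chosen = select_features(ranked)
    print("selected:", chosen)
    print("accuracy, selected features:", nearest_centroid_accuracy(train, test, chosen))
    print("accuracy, all features     :", nearest_centroid_accuracy(train, test, FEATURES))
```

The point for real-time detection is the one the abstract makes: the features that separate the classes are the ones worth computing on the wire, and dropping the uninformative ones costs nothing in accuracy while reducing what the host or boundary agent has to extract per connection. The single-split criterion is deliberately simple; on real traffic the ranking method, the cutoff and the classifier all need to be validated on held-out data from the same network.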
We also briefly present some encouraging recent results in detecting polymorphic and metamorphic malware with advanced static, signature-based scanning techniques.
© 2004 Springer-Verlag Berlin Heidelberg
Sung, A.H., Mukkamala, S. (2004). The Feature Selection and Intrusion Detection Problems. In: Maher, M.J. (eds) Advances in Computer Science - ASIAN 2004. Higher-Level Decision Making. ASIAN 2004. Lecture Notes in Computer Science, vol 3321. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30502-6_34
DOI: https://doi.org/10.1007/978-3-540-30502-6_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24087-7
Online ISBN: 978-3-540-30502-6