Selection of Effective Network Parameters in Attacks for Intrusion Detection

  • Conference paper
Advances in Data Mining. Applications and Theoretical Aspects (ICDM 2010)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 6171)

Abstract

Current Intrusion Detection Systems (IDS) examine a large number of data features to detect intrusion or misuse patterns. Some of these features may be redundant or contribute little to the detection process. The purpose of this study is to identify important input features in building an IDS that are computationally efficient and effective. This paper proposes and investigates a selection of effective network parameters for detecting network intrusions, extracted from the Tcpdump data of the DARPA1998 dataset. Here, the PCA method is used to determine an optimal feature set. An appropriate feature set helps to build an efficient decision model as well as to reduce the population of the feature set. Feature reduction will considerably speed up the training and testing process for the attack identification system. The Tcpdump data of the DARPA1998 intrusion dataset was used in the experiments as the test data. Experimental results indicate a reduction in training and testing time while maintaining the detection accuracy within a tolerable range.

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zargar, G.R., Kabiri, P. (2010). Selection of Effective Network Parameters in Attacks for Intrusion Detection. In: Perner, P. (eds) Advances in Data Mining. Applications and Theoretical Aspects. ICDM 2010. Lecture Notes in Computer Science, vol 6171. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14400-4_50

  • DOI: https://doi.org/10.1007/978-3-642-14400-4_50

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14399-1

  • Online ISBN: 978-3-642-14400-4

  • eBook Packages: Computer Science (R0)