Abstract
Current Intrusion Detection Systems (IDS) examine a large number of data features to detect intrusion or misuse patterns. Some of these features may be redundant or contribute little to the detection process. The purpose of this study is to identify important input features for building an IDS that is computationally efficient and effective. This paper proposes and investigates a selection of effective network parameters for detecting network intrusions, extracted from the Tcpdump DARPA1998 dataset. The PCA method is used to determine an optimal feature set. An appropriate feature set helps to build an efficient decision model and reduces the size of the feature set. Feature reduction considerably speeds up the training and testing process of the attack identification system. The Tcpdump data of the DARPA1998 intrusion dataset was used in the experiments as the test data. Experimental results indicate a reduction in training and testing time while maintaining detection accuracy within a tolerable range.
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Zargar, G.R., Kabiri, P. (2010). Selection of Effective Network Parameters in Attacks for Intrusion Detection. In: Perner, P. (eds) Advances in Data Mining. Applications and Theoretical Aspects. ICDM 2010. Lecture Notes in Computer Science, vol 6171. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14400-4_50
DOI: https://doi.org/10.1007/978-3-642-14400-4_50
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14399-1
Online ISBN: 978-3-642-14400-4
eBook Packages: Computer Science, Computer Science (R0)