A Comparative Study of Use of Shannon, Rényi and Tsallis Entropy for Attribute Selecting in Network Intrusion Detection

Conference paper, in: Intelligent Data Engineering and Automated Learning - IDEAL 2012 (IDEAL 2012)

Abstract

Intrusion Detection Systems for computer networks perform detection by observing a set of attributes derived from the network traffic. Such a set may be very large. However, some attributes are irrelevant, redundant or even noisy, so using them may decrease intrusion detection efficiency. Therefore, the primary problem in identifying an optimal attribute subset is the choice of the criterion used to evaluate a given attribute subset. This work presents an evaluation of Rényi and Tsallis entropy compared with Shannon entropy in order to obtain an optimal attribute subset that increases the capability to classify the traffic as normal or as suspicious. Additionally, we studied an ensemble approach that combines the attributes selected by the Rényi, Tsallis and Shannon information measures. The empirical results demonstrated that applying an attribute selection approach based on Rényi or Tsallis entropies not only reduces the number of attributes and the processing time, but also allows the clustering models to be built with better performance than (or at least the same performance as) models built with the complete set of attributes.
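The selection criterion compared in the abstract can be sketched as an entropy-based gain ranking over labelled connection records. This is an added example, not code from the paper: the gain formula, the parameter values α = 0.5 and q = 2, the union rule for the ensemble, and the toy records are all assumptions, with the records constructed so that the measures disagree on the best attribute.

```python
import math
from collections import Counter, defaultdict

ATTRS = ["flag", "service", "duration"]
# Constructed toy records: (flag, service, duration, label, how many such rows).
SPEC = [
    ("S0", "private", "short", "attack", 3),
    ("S0", "private", "long",  "attack", 2),
    ("SF", "private", "short", "attack", 2),
    ("SF", "private", "long",  "attack", 1),
    ("SF", "http",    "long",  "attack", 2),
    ("SF", "http",    "short", "normal", 4),
    ("SF", "http",    "long",  "normal", 4),
    ("SF", "private", "short", "normal", 1),
    ("SF", "private", "long",  "normal", 1),
]
ROWS = [rec[:4] for rec in SPEC for _ in range(rec[4])]

def probs(labels):
    return [c / len(labels) for c in Counter(labels).values()]

def shannon(p):
    return -sum(x * math.log2(x) for x in p)

def renyi(p, alpha=0.5):   # alpha is an assumed value (alpha != 1)
    return math.log2(sum(x ** alpha for x in p)) / (1 - alpha)

def tsallis(p, q=2.0):     # q is an assumed value (q != 1)
    return (1 - sum(x ** q for x in p)) / (q - 1)

def gain(rows, idx, entropy):
    """Class entropy minus the size-weighted entropy within each attribute value."""
    groups = defaultdict(list)
    for r in rows:
        groups[r[idx]].append(r[-1])
    cond = sum(len(g) / len(rows) * entropy(probs(g)) for g in groups.values())
    return entropy(probs([r[-1] for r in rows])) - cond

def rank(rows, entropy, k=1):
    order = sorted(range(len(ATTRS)), key=lambda i: gain(rows, i, entropy), reverse=True)
    return [ATTRS[i] for i in order[:k]]

def ensemble(rows, k=1):
    """Union of the top-k attributes chosen under each measure (assumed rule)."""
    picked = set()
    for entropy in (shannon, renyi, tsallis):
        picked.update(rank(rows, entropy, k))
    return sorted(picked)

if __name__ == "__main__":
    for e in (shannon, renyi, tsallis):
        print(e.__name__, [(a, round(gain(ROWS, i, e), 4)) for i, a in enumerate(ATTRS)])
    print("ensemble:", ensemble(ROWS))
```

On these records Shannon and Rényi rank `flag` first because it isolates a pure group of attacks, while Tsallis with q = 2 prefers the more evenly discriminating `service`; the union keeps both and drops the uninformative `duration`.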



Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lima, C.F.L., de Assis, F.M., de Souza, C.P. (2012). A Comparative Study of Use of Shannon, Rényi and Tsallis Entropy for Attribute Selecting in Network Intrusion Detection. In: Yin, H., Costa, J.A.F., Barreto, G. (eds) Intelligent Data Engineering and Automated Learning - IDEAL 2012. IDEAL 2012. Lecture Notes in Computer Science, vol 7435. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32639-4_60

  • DOI: https://doi.org/10.1007/978-3-642-32639-4_60

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-32638-7

  • Online ISBN: 978-3-642-32639-4

  • eBook Packages: Computer Science, Computer Science (R0)
