Abstract
Intrusion Detection Systems for computer networks perform detection by observing a set of attributes extracted from the network traffic. Such a set may be very large. However, some attributes are irrelevant, redundant or even noisy, so using them may decrease intrusion detection efficiency. Therefore, the primary problem in identifying an optimal attribute subset is the choice of the criterion used to evaluate a given attribute subset. This work presents an evaluation of Rényi and Tsallis entropy compared with Shannon entropy in order to obtain an optimal attribute subset which increases the capability to classify the traffic as normal or as suspicious. Additionally, we studied an ensemble approach that combines the attributes selected by the Rényi, Tsallis and Shannon information measures. The empirical results demonstrated that applying an attribute selection approach based on Rényi or Tsallis entropy not only reduces the number of attributes and the processing time, but also allows clustering models to be built with better performance than (or at least the same performance as) models built with the complete set of attributes.
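The following sketch is an added example, not code from the paper: it ranks attributes of a few constructed connection records by an information-gain style score computed with Shannon, Rényi and Tsallis entropy, then takes the union of each measure's top-k picks. The gain criterion, the parameters α = 2 and q = 2, the union rule for the ensemble, and the attribute names and records are all assumptions made for illustration.

```python
import math
from collections import Counter

def shannon(p):
    return -sum(x * math.log2(x) for x in p if x > 0)

def renyi(p, alpha=2.0):           # alpha != 1; alpha = 2 is an assumed setting
    return math.log2(sum(x ** alpha for x in p if x > 0)) / (1.0 - alpha)

def tsallis(p, q=2.0):             # q != 1; q = 2 is an assumed setting
    return (1.0 - sum(x ** q for x in p if x > 0)) / (q - 1.0)

def dist(labels):
    """Empirical class distribution of a list of labels."""
    return [c / len(labels) for c in Counter(labels).values()]

def gain(rows, labels, attr, entropy):
    """Class entropy minus the weighted class entropy within each attribute value."""
    groups = {}
    for row, y in zip(rows, labels):
        groups.setdefault(row[attr], []).append(y)
    cond = sum(len(g) / len(labels) * entropy(dist(g)) for g in groups.values())
    return entropy(dist(labels)) - cond

def rank(rows, labels, entropy):
    """Attributes ordered from most to least informative under one measure."""
    return sorted(rows[0], key=lambda a: gain(rows, labels, a, entropy), reverse=True)

def ensemble(rows, labels, k):
    """Union of the top-k attributes chosen by each of the three measures."""
    chosen = set()
    for h in (shannon, renyi, tsallis):
        chosen.update(rank(rows, labels, h)[:k])
    return chosen

# Constructed sample: (proto, flag, noise, label). 'flag' separates the classes,
# 'proto' is partly informative, 'noise' is independent of the label.
SAMPLE = [
    ("tcp", "SF", "a", "normal"), ("tcp", "SF", "a", "normal"),
    ("tcp", "SF", "b", "normal"), ("udp", "SF", "b", "normal"),
    ("tcp", "S0", "a", "suspicious"), ("udp", "S0", "a", "suspicious"),
    ("udp", "S0", "b", "suspicious"), ("udp", "S0", "b", "suspicious"),
]
ROWS = [dict(proto=p, flag=f, noise=n) for p, f, n, _ in SAMPLE]
LABELS = [y for *_, y in SAMPLE]

if __name__ == "__main__":
    for h in (shannon, renyi, tsallis):
        print(h.__name__, [(a, round(gain(ROWS, LABELS, a, h), 3)) for a in rank(ROWS, LABELS, h)])
    print("ensemble top-2:", sorted(ensemble(ROWS, LABELS, 2)))
```
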
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lima, C.F.L., de Assis, F.M., de Souza, C.P. (2012). A Comparative Study of Use of Shannon, Rényi and Tsallis Entropy for Attribute Selecting in Network Intrusion Detection. In: Yin, H., Costa, J.A.F., Barreto, G. (eds) Intelligent Data Engineering and Automated Learning - IDEAL 2012. IDEAL 2012. Lecture Notes in Computer Science, vol 7435. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32639-4_60
DOI: https://doi.org/10.1007/978-3-642-32639-4_60
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32638-7
Online ISBN: 978-3-642-32639-4
eBook Packages: Computer Science, Computer Science (R0)