Improving Network Intrusion Detection with Extended KDD Features

  • Edward Paul Guillén
  • Jhordany Rodríguez Parra
  • Rafael Vicente Paéz Mendez
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 247)


In order to analyze results of anomaly detection methods for Network Intrusion Detection Systems, the DARPA KDD data set have been widely analyzed but their data are outdated for most kinds of attacks. A software called Spleen designed to get data from a tested network with the same structure of DARPA data set is introduced. The application is used to complete the data set with additional features according to an attack analysis. Finally, to show advantages of an extended data set, two genetic methods in the detection of non-content based attacks are tested.


Adaptative algorithm Genetic algorithms Information security Intrusion detection Machine learning TCPIP 



This work was possible with the support of Military University Doctoral Support Program, and Javeriana University Doctoral Program.


  1. 1.
    Garuba M, Liu C, Fraites D (2008) Intrusion techniques: comparative study of network intrusion detection systems. In: 5th international conference on information technology: new generations, 2008. ITNG 2008, pp 592–598, 7–9 Apr 2008, doi:  10.1109/ITNG.2008.231
  2. 2.
    Ashfaq S, Farooq MU, Karim A (2006) Efficient rule generation for cost-sensitive misuse detection using genetic algorithms. In: 2006 international conference on computational intelligence and security, vol 1, pp 282–285, Nov 2006Google Scholar
  3. 3.
    Shun J, Malki HA (2008) Network intrusion detection system using neural networks. In: 4th international conference on natural computation, 2008, ICNC’08, vol 5, pp 242–246, Oct 2008Google Scholar
  4. 4.
    Devaraju S, Ramakrishnan S (2011) Performance analysis of intrusion detection system using various neural network classifiers. In: 2011 international conference on recent trends in information technology (ICRTIT), pp 1033–1038, June 2011Google Scholar
  5. 5.
    Momenzadeh A, Javadi HHS, Dezfouli MA (2009) Design an efficient system for intrusion detection via evolutionary fuzzy system. In: 11th international conference on computer modelling and simulation, 2009, UKSIM’09, pp 89–94, March 2009Google Scholar
  6. 6.
    Kim DS, Nguyen H-N, Park JS (2005) Genetic algorithm to improve svm based network intrusion detection system. In: 19th international conference on advanced information networking and applications, 2005, AINA 2005, vol 2, pp 155–158, March 2005Google Scholar
  7. 7.
    Ahmed A, Lisitsa A, Dixon C (2011) A misuse-based network intrusion detection system using temporal logic and stream processing. In: 5th international conference on network and system security (NSS), 2011, pp 1–8, Sept 2011Google Scholar
  8. 8.
    Spafford EH, Kumar S A pattern matching model for misuse intrusion detection. Department of computer scienceGoogle Scholar
  9. 9.
    MIT Lincoln Laboratory (1999) Darpa intrusion detection data setsGoogle Scholar
  10. 10.
    Graf I, Haines JW, Kendall KR, McClung D, Weber D, Webster SE, Wyschogrod D, Cunningham RK, Lippmann RP, Fried DJ, Zissman MA (1999) Evaluating intrusion detection systems: the 1998 darpa off-line intrusion detection evaluation. Lincoln Laboratory MIT, 244 Wood Street, Lexington, MA 02173-9108, p 15, 1999Google Scholar
  11. 11.
    Sabhnani M, Serpen G Why machine learning algorithms fail in misuse detection on KDD intrusion detection data set. The University of ToledoGoogle Scholar
  12. 12.
    Vasudevan AR, Harshini E, Selvakumar S (2011) Ssenet-2011: a network intrusion detection system dataset and its comparison with kdd cup 99 dataset. In: 2nd Asian Himalayas international conference on internet (AH-ICI), pp 1–5, Nov 2011Google Scholar
  13. 13.
    Munafo MM, Mellia M (2008) Tstat measures: Tcp statistics an analysis toolGoogle Scholar
  14. 14.
    Haines JW, Rossey LM, Lippmann RP, Cunningham RK (2001) Extending the darpa off-line intrusion detection evaluations. In: Proceedings of DARPA Information Survivability Conference Exposition II, 2001, DISCEX’01, vol 1, pp 35–45Google Scholar
  15. 15.
    Guillen E, Rodríguez J, Paez R, Rodríguez A (2012) Detection of non-content based attacks using GA with extended KDD features. In: Proceedings of the world congress on engineering and computer science 2012, WCECS 2012, 24–26 Oct 2012, San Francisco, USA, pp 30–35Google Scholar
  16. 16.
    Abdullah B, Abd-alghafar I, Salama GI, Abd-alhafez A (2009) Performance evaluation of a genetic algorithm based approach to network intrusion detection system. In: 13th international conference on aerospace sciences and aviation technology, Military Technical College, Kobry Elkobbah, Cairo, EgyptGoogle Scholar
  17. 17.
    Shannon CE, Weaver W, Blahut RE (1949) The mathematical theory of communication, vol 117. University of Illinois press, UrbanaGoogle Scholar
  18. 18.
    Kayacik HG, Zincir-Heywood AN, Heywood MI (2006) Selecting features for intrusion detection: a feature relevance analysis on KDD 99 intrusion Detection Datasets. Dalhousie University, Faculty of Computer Science, 6050 University Avenue, Halifax, Nova Scotia, 2006Google Scholar
  19. 19.
    Fowdar J, Crockett K, Bandar Z, O’Shea J (2005) On the use of fuzzy trees for solving classification problems with numeric outcomes. In: The 14th IEEE international conference on fuzzy systems, 2005, FUZZ ‘05, pp 436, 25–25 May 2005Google Scholar
  20. 20.
    Information Sciences Institute University of Southern California. Rfc 793. transmission control protocol. Defense Advanced Research Projects Agency, 1981Google Scholar
  21. 21.
    Hernández-Pereira E, Suárez-Romero JA, Fontenla-Romero O, Alonso-Betanzos A (2009) Conversion methods for symbolic features: a comparison applied to an intrusion detection problem. Expert Syst Appl 36(7):10612–10617CrossRefGoogle Scholar
  22. 22.
    Nmap (2012) Port scanning techniques: nmap reference guide, May 2012Google Scholar
  23. 23.
    Holland J (1975) Adaptation in natural and artificial. The University of Michigan Press, Ann ArborGoogle Scholar
  24. 24.
    Holland JH et al (2000) What is a learning classifier system? In: Lanzi PL, Stolzmann W, Wilson SW (eds) Learning classifier systems, from foundations to applications. Springer-Verlag, London, pp 3–32CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media Dordrecht 2014

Authors and Affiliations

  • Edward Paul Guillén
    • 1
  • Jhordany Rodríguez Parra
    • 1
  • Rafael Vicente Paéz Mendez
    • 2
  1. 1.Telecomunications Engineering DepartmentMilitary University “Nueva Granada”BogotáColombia
  2. 2.Systems Engineering DepartmentJaveriana UniversityBogotáColombia

Personalised recommendations