
Improving Network Intrusion Detection with Extended KDD Features

IAENG Transactions on Engineering Technologies

Abstract

To analyze the results of anomaly detection methods for Network Intrusion Detection Systems, the DARPA KDD data set has been widely analyzed, but its data are outdated for most kinds of attacks. A software tool called Spleen, designed to get data from a tested network with the same structure as the DARPA data set, is introduced. The application is used to complete the data set with additional features according to an attack analysis. Finally, to show the advantages of an extended data set, two genetic methods are tested in the detection of non-content-based attacks.



Acknowledgments

This work was made possible with the support of the Military University Doctoral Support Program and the Javeriana University Doctoral Program.

Author information

Corresponding author

Correspondence to Edward Paul Guillén.

Copyright information

© 2014 Springer Science+Business Media Dordrecht

About this chapter

Cite this chapter

Guillén, E.P., Rodríguez Parra, J., Paéz Mendez, R.V. (2014). Improving Network Intrusion Detection with Extended KDD Features. In: Kim, H., Ao, SI., Amouzegar, M., Rieger, B. (eds) IAENG Transactions on Engineering Technologies. Lecture Notes in Electrical Engineering, vol 247. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-6818-5_30

  • DOI: https://doi.org/10.1007/978-94-007-6818-5_30

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-94-007-6817-8

  • Online ISBN: 978-94-007-6818-5

  • eBook Packages: Engineering, Engineering (R0)
