Abstract
One of the most crucial development phases of a network intrusion detection system is feature selection. A poorly chosen set of features may lead to a significant drop in the detection rate, regardless of the detection method employed. Despite its importance, we believe that this research area lacks comprehensive studies. Our research proposes a model for mining the best features that can be extracted directly from network packets, by ranking them against their statistical properties during the normal and intrusive stages. As a proof of concept, we study the performance of 673 network features while considering a set of 180 different tuning parameters. The main contribution of this work is that it proposes a ranking mechanism to evaluate the effectiveness of features against different types of attacks, and that it suggests a pool of features that could be used to improve the detection process.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Onut, IV., Ghorbani, A.A. (2007). Features vs. Attacks: A Comprehensive Feature Selection Model for Network Based Intrusion Detection Systems. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds) Information Security. ISC 2007. Lecture Notes in Computer Science, vol 4779. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75496-1_2
DOI: https://doi.org/10.1007/978-3-540-75496-1_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75495-4
Online ISBN: 978-3-540-75496-1
eBook Packages: Computer Science, Computer Science (R0)