Features vs. Attacks: A Comprehensive Feature Selection Model for Network Based Intrusion Detection Systems

  • Conference paper
Information Security (ISC 2007)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4779)

Abstract

One of the most crucial development phases of a network intrusion detection system is feature selection. A poorly chosen set of features may lead to a significant drop in the detection rate, regardless of the detection method employed. Despite its importance, we believe that this research area lacks comprehensive studies. Our research proposes a model for mining the best features that can be extracted directly from network packets, by ranking them against their statistical properties during the normal and intrusive stages. As proof of concept, we study the performance of 673 network features while considering a set of 180 different tuning parameters. The main contribution of this work is that it proposes a ranking mechanism to evaluate the effectiveness of features against different types of attacks, and that it suggests a pool of features that could be used to improve the detection process.

Editor information

Juan A. Garay, Arjen K. Lenstra, Masahiro Mambo, René Peralta

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Onut, IV., Ghorbani, A.A. (2007). Features vs. Attacks: A Comprehensive Feature Selection Model for Network Based Intrusion Detection Systems. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds) Information Security. ISC 2007. Lecture Notes in Computer Science, vol 4779. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75496-1_2

  • DOI: https://doi.org/10.1007/978-3-540-75496-1_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75495-4

  • Online ISBN: 978-3-540-75496-1

  • eBook Packages: Computer Science, Computer Science (R0)
