Defining Generic Attributes for IDS Classification

Authors

  • Hamid H. Jebur Faculty of Computer Science and Information System, Universiti Teknologi Malaysia, 81310 UTM Johor Bahru, Johor, Malaysia
  • Mohd Aizaini Maarof Faculty of Computer Science and Information System, Universiti Teknologi Malaysia, 81310 UTM Johor Bahru, Johor, Malaysia
  • Anazida Zainal Faculty of Computer Science and Information System, Universiti Teknologi Malaysia, 81310 UTM Johor Bahru, Johor, Malaysia

DOI:

https://doi.org/10.11113/jt.v74.1375

Keywords:

Intrusion detection, accuracy, feature selection, classification

Abstract

The detection accuracy of an Intrusion Detection System (IDS) depends on classifying network traffic based on data features. Using all features for classification consumes more computation time and computer resources. Some of these features may be redundant and irrelevant; therefore, they affect the detection of traffic anomalies and the overall performance of the IDS. The literature has proposed different algorithms and techniques to define the most relevant sets of features of KDD Cup 1999 that can achieve high detection accuracy and maintain the same performance as the full feature set. However, none of these algorithms and techniques produced optimal solutions, even when they used the same datasets. In this paper, a new approach is proposed that analyzes the studies conducted on KDD Cup 1999 feature selection to determine whether effective generic features of the common KDD Cup 1999 dataset can be identified for constructing an efficient classification model. The approach does not rely on algorithms, which lowers the computational cost and reduces the computer resources required. The essence of the approach is selecting the most frequent features of each class and of all classes across all studies; a threshold is then used to define the most significant generic features. The results revealed two sets of features containing 7 and 8 features. The classification accuracy using eight features is almost the same as using all dataset features.
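The frequency-and-threshold selection described in the abstract can be sketched as follows. This is an added example, not the authors' code: the per-study selections are constructed, and expressing the threshold as a fraction of the studies that reported a class is an assumption, since the abstract does not define it.

```python
from collections import Counter

# Constructed sample input: feature subsets that four hypothetical studies
# selected per attack class. Feature and class names follow KDD Cup 1999;
# the selections themselves are invented for illustration.
STUDIES = {
    "study_1": {"dos": {"src_bytes", "count", "service"},
                "probe": {"service", "flag", "dst_host_srv_count"}},
    "study_2": {"dos": {"src_bytes", "count", "flag"},
                "probe": {"service", "src_bytes"},
                "r2l": {"dst_bytes", "service"}},
    "study_3": {"dos": {"count", "dst_bytes", "service"},
                "r2l": {"dst_bytes", "logged_in"}},
    "study_4": {"dos": {"src_bytes", "count"},
                "probe": {"service", "flag"}},
}

def feature_frequency(studies, attack_class=None):
    """Return (votes per feature, number of studies that voted).

    attack_class=None pools every class a study reported, so each study
    still casts at most one vote per feature.
    """
    votes, voters = Counter(), 0
    for per_class in studies.values():
        if attack_class is None:
            selected = set().union(*per_class.values())
        elif attack_class in per_class:
            selected = per_class[attack_class]
        else:
            continue  # study did not report this class; do not count it
        votes.update(selected)
        voters += 1
    return votes, voters

def generic_features(studies, threshold, attack_class=None):
    """Features selected by at least `threshold` (0..1) of the voting studies."""
    votes, voters = feature_frequency(studies, attack_class)
    if voters == 0:
        return []  # no study covers this class, so nothing is "generic"
    return sorted(f for f, n in votes.items() if n / voters >= threshold)

if __name__ == "__main__":
    print("all classes:", generic_features(STUDIES, 0.75))
    for cls in ("dos", "probe", "r2l", "u2r"):
        print(cls, generic_features(STUDIES, 0.75, cls))
```

Studies that did not report a class are left out of that class's denominator, so a feature is not penalised for being absent from work that never evaluated the class.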

Published

2015-04-12

How to Cite

H. Jebur, H., Maarof, M. A., & Zainal, A. (2015). Defining Generic Attributes for IDS Classification. Jurnal Teknologi, 74(1). https://doi.org/10.11113/jt.v74.1375

Section

Science and Engineering