A Novel Feature Selection for Intrusion Detection in Virtual Machine Environments

2011 IEEE 23rd International Conference on Tools with Artificial Intelligence Pub Date : 2011-11-07 DOI:10.1109/ICTAI.2011.138

Malak Alshawabkeh, J. Aslam, D. Kaeli, Jennifer G. Dy

{"title":"A Novel Feature Selection for Intrusion Detection in Virtual Machine Environments","authors":"Malak Alshawabkeh, J. Aslam, D. Kaeli, Jennifer G. Dy","doi":"10.1109/ICTAI.2011.138","DOIUrl":null,"url":null,"abstract":"Intrusion detection systems (IDSs) are continuously evolving, with the goal of improving the security of computer infrastructures. However, one of the most significant challenges in this area is the poor detection rate, due to the presence of excessive features in a data set whose class distributions are imbalanced. Despite the relatively long existence and the promising nature of feature selection methods, most of them fail to account for imbalance class distributions, particularly, for intrusion data, leading to poor predictions for minority class samples. In this paper, we propose a new feature selection algorithm to enhance the accuracy of IDS of virtual server environments. Our algorithm assigns weights to subsets of features according to the maximized area under the ROC curve (AUC) margin it induces during the boosting process over the minority and the majority examples. The best subset of features is then selected by a greedy search strategy. The empirical experiments are carried out on multiple intrusion data sets using different commercial virtual appliances and real malwares.","PeriodicalId":332661,"journal":{"name":"2011 IEEE 23rd International Conference on Tools with Artificial Intelligence","volume":"120 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 IEEE 23rd International Conference on Tools with Artificial Intelligence","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICTAI.2011.138","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Intrusion detection systems (IDSs) are continuously evolving, with the goal of improving the security of computer infrastructures. However, one of the most significant challenges in this area is the poor detection rate, due to the presence of excessive features in a data set whose class distributions are imbalanced. Despite the relatively long existence and the promising nature of feature selection methods, most of them fail to account for imbalance class distributions, particularly, for intrusion data, leading to poor predictions for minority class samples. In this paper, we propose a new feature selection algorithm to enhance the accuracy of IDS of virtual server environments. Our algorithm assigns weights to subsets of features according to the maximized area under the ROC curve (AUC) margin it induces during the boosting process over the minority and the majority examples. The best subset of features is then selected by a greedy search strategy. The empirical experiments are carried out on multiple intrusion data sets using different commercial virtual appliances and real malwares.

查看原文本刊更多论文

一种新的虚拟机入侵检测特征选择方法

入侵检测系统(ids)不断发展，其目标是提高计算机基础设施的安全性。然而，该领域最重要的挑战之一是低检测率，这是由于在类分布不平衡的数据集中存在过多的特征。尽管特征选择方法的存在时间相对较长，并且具有很好的性质，但它们中的大多数都无法解释类分布的不平衡，特别是对于入侵数据，导致对少数类样本的预测较差。本文提出了一种新的特征选择算法，以提高虚拟服务器环境入侵检测的准确性。我们的算法根据在少数和多数示例的增强过程中所诱导的ROC曲线(AUC)边缘下的最大面积为特征子集分配权重。然后通过贪婪搜索策略选择最佳特征子集。利用不同的商业虚拟设备和真实恶意软件在多个入侵数据集上进行了实证实验。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2011 IEEE 23rd International Conference on Tools with Artificial Intelligence

自引率

0.00%

发文量