A heuristic attack detection approach using the “least weighted” attributes for cyber security data

Loubna Dali, Kato Mivule, H. El-Sayed
Published in: 2017 Intelligent Systems Conference (IntelliSys), 2017-09-01
DOI: 10.1109/INTELLISYS.2017.8324260 (https://doi.org/10.1109/INTELLISYS.2017.8324260)
Citations: 4

Abstract

The continuous advance in recent cloud-based computer networks has generated a number of security challenges associated with intrusions in network systems. With the exponential increase in the volume of network traffic data, involvement of humans in such detection systems is time-consuming and a non-trivial problem. Secondly, network traffic data tends to be highly dimensional, comprising numerous features and attributes, making classification challenging and thus susceptible to the curse of dimensionality problem. Given such scenarios, the need arises for dimensional reduction and feature selection, combined with machine-learning techniques, in the classification of such data. Therefore, as a contribution, this paper seeks to employ data mining techniques in a cloud-based environment, by selecting appropriate attributes and features with the least importance in terms of weight for the classification. Often the standard is to select features with better weights while ignoring those with the least weights. In this study, we seek to find out if we can make predictions using those features with the least weights. The motivation is that adversaries use stealth to hide their activities from the obvious. The question then is, can we predict any stealth activity of an adversary using the least observed attributes? In this particular study, we employ information gain to select attributes with the lowest weights and then apply machine learning to classify whether a combination, in this case of both source and destination ports, is attacked or not. The motivation of this investigation is to determine whether attributes that are of least importance can be used to predict if an attack could occur. Our preliminary results show that even when the source and destination port attributes are used in combination with features with the least weights, it is possible to classify such network traffic data and predict if an attack will occur or not.
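The selection step the abstract describes, as an added sketch that is not the paper's code: attributes are ranked by information gain, the lowest-ranked ones are kept together with the source and destination ports, and a classifier is trained on that subset. The flow records are constructed, and the choice of a categorical naive Bayes classifier, the rule of ranking only the non-port attributes, and all function names are assumptions, since the abstract does not specify them.

```python
import math
from collections import Counter
# Constructed flow records (not the paper's data); last column: 1 = attack.
COLS = ("src_port", "dst_port", "proto", "flag", "ttl", "size")
FLOWS = [
    ("high", "22",  "udp", "S", "64",  "s", 1),
    ("high", "22",  "udp", "S", "64",  "s", 1),
    ("high", "23",  "udp", "S", "128", "l", 1),
    ("low",  "22",  "udp", "A", "128", "l", 1),
    ("low",  "80",  "tcp", "A", "64",  "s", 0),
    ("low",  "80",  "tcp", "A", "64",  "l", 0),
    ("low",  "443", "tcp", "A", "128", "l", 0),
    ("high", "22",  "tcp", "S", "128", "l", 0),
]

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def info_gain(rows, attr):
    """Information gain of one attribute with respect to the attack label."""
    i, groups = COLS.index(attr), {}
    for r in rows:
        groups.setdefault(r[i], []).append(r[-1])
    rem = sum(len(g) / len(rows) * entropy(g) for g in groups.values())
    return entropy([r[-1] for r in rows]) - rem

def least_weighted(rows, attrs, k):
    """The k attributes with the LOWEST gain (common practice keeps the highest)."""
    return sorted(attrs, key=lambda a: info_gain(rows, a))[:k]

def train(rows, feats):
    """Categorical naive Bayes counts; the classifier choice is an assumption."""
    idx = [COLS.index(f) for f in feats]
    prior = Counter(r[-1] for r in rows)
    counts = Counter((r[-1], i, r[i]) for r in rows for i in idx)
    vocab = {i: len({r[i] for r in rows}) for i in idx}
    return idx, prior, counts, vocab

def predict(model, rec):
    idx, prior, counts, vocab = model
    def score(c):  # log posterior with Laplace smoothing
        return math.log(prior[c]) + sum(
            math.log((counts[(c, i, rec[i])] + 1) / (prior[c] + vocab[i])) for i in idx)
    return max(prior, key=score)

if __name__ == "__main__":
    feats = ["src_port", "dst_port", *least_weighted(FLOWS, COLS[2:], 2)]
    print(feats, predict(train(FLOWS, feats), ("high", "23", "tcp", "A", "64", "s")))
```

In this constructed data `proto` separates the classes perfectly and would be the first pick under conventional feature selection; the sketch deliberately discards it and still separates the two sample records using the ports plus the two weakest attributes.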