Quantitative Intrusion Intensity Assessment Using Important Feature Selection and Proximity Metrics

2009 15th IEEE Pacific Rim International Symposium on Dependable Computing Pub Date : 2009-11-16 DOI:10.1109/PRDC.2009.29

Sang Min Lee, Dong Seong Kim, Y. Yoon, Jong Sou Park

{"title":"Quantitative Intrusion Intensity Assessment Using Important Feature Selection and Proximity Metrics","authors":"Sang Min Lee, Dong Seong Kim, Y. Yoon, Jong Sou Park","doi":"10.1109/PRDC.2009.29","DOIUrl":null,"url":null,"abstract":"The problem of previous approaches in anomaly detection in Intrusion Detection System (IDS) is to provide only binary detection result; intrusion or normal. This is a main cause of high false rates and inaccurate detection rates in IDS. In this paper, we propose a new approach named Quantitative Intrusion Intensity Assessment (QIIA). QIIA exploits feature selection and proximity metrics computation so that it provides intrusion (or normal) quantitative intensity value. It is capable of representing how an instance of audit data is proximal to intrusion or normal in the form of a numerical value. Prior to applying QIIA to audit data, we perform feature selection and parameters optimization of detection model in order not only to decrease the overheads to process audit data but also to enhance detection rates. QIIA then is performed using Random Forest (RF) and it generates proximity metrics which represent the intrusion intensity in a numerical way. The numerical values are used to determine whether unknown audit data is intrusion or normal. We carry out several experiments on KDD 1999 dataset and show the evaluation results.","PeriodicalId":356141,"journal":{"name":"2009 15th IEEE Pacific Rim International Symposium on Dependable Computing","volume":"34 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-11-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 15th IEEE Pacific Rim International Symposium on Dependable Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PRDC.2009.29","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

Abstract

The problem of previous approaches in anomaly detection in Intrusion Detection System (IDS) is to provide only binary detection result; intrusion or normal. This is a main cause of high false rates and inaccurate detection rates in IDS. In this paper, we propose a new approach named Quantitative Intrusion Intensity Assessment (QIIA). QIIA exploits feature selection and proximity metrics computation so that it provides intrusion (or normal) quantitative intensity value. It is capable of representing how an instance of audit data is proximal to intrusion or normal in the form of a numerical value. Prior to applying QIIA to audit data, we perform feature selection and parameters optimization of detection model in order not only to decrease the overheads to process audit data but also to enhance detection rates. QIIA then is performed using Random Forest (RF) and it generates proximity metrics which represent the intrusion intensity in a numerical way. The numerical values are used to determine whether unknown audit data is intrusion or normal. We carry out several experiments on KDD 1999 dataset and show the evaluation results.

查看原文本刊更多论文

基于重要特征选择和接近度量的入侵强度定量评估

在入侵检测系统(IDS)中，以往的异常检测方法存在只提供二进制检测结果的问题;入侵或正常。这是IDS的高误检率和不准确检出率的主要原因。本文提出了一种新的入侵强度定量评估方法(QIIA)。QIIA利用特征选择和接近度量计算，从而提供入侵(或正常)定量强度值。它能够以数值的形式表示审计数据实例是接近入侵还是正常。在将QIIA应用于审计数据之前，我们对检测模型进行了特征选择和参数优化，不仅可以减少处理审计数据的开销，还可以提高检测率。然后使用随机森林(RF)进行QIIA，并生成以数值方式表示入侵强度的接近度量。该数值用于判断未知审计数据是入侵还是正常。在KDD 1999数据集上进行了多次实验，并给出了评价结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2009 15th IEEE Pacific Rim International Symposium on Dependable Computing

自引率

0.00%

发文量