Feature selection for flow-based intrusion detection using Rough Set Theory
Frank Beer, Ulrich Bühler
2017 IEEE 14th International Conference on Networking, Sensing and Control (ICNSC), published 2017-05-16
DOI: 10.1109/ICNSC.2017.8000162 (https://doi.org/10.1109/ICNSC.2017.8000162)
Citation count (Semantic Scholar): 14
The flow standards NetFlow/IPFIX are available in many packet forwarding devices, which makes it possible to monitor networks in a scalable fashion. Building on this availability, flow-based intrusion detection has gained prominence because it can be integrated seamlessly into existing operations. Research exploiting these flow export techniques has produced promising results in recent years, but mostly for point solutions such as botnet or brute-force detection. Only a few attempts have been made at a general flow-based intrusion detector, so little is known about which flow features are meaningful and how well they classify different attack types. In this paper we address these challenges and search for valuable features derivable from NetFlow/IPFIX data using Rough Set Theory. We also study the combination of flow features with log events to further boost accuracy. Results obtained with machine learning techniques show that the selected feature sets detect both classic and modern attacks.
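The abstract names Rough Set Theory as the feature-selection method but does not show the mechanics. The following is an added example, not code or data from the paper: it builds a small decision table of discretised NetFlow/IPFIX-style records (constructed rows; the attribute names proto, dport, pkts, bpp, flags and their bins are assumptions, not the authors' feature set) and computes the classic rough-set quantities used for attribute reduction: the indiscernibility partition, the positive region, the dependency degree gamma, the core, and all minimal reducts. It then turns one reduct into certain decision rules and classifies new flows with them.

```python
from itertools import combinations

# Constructed decision table in the style of discretised NetFlow/IPFIX records
# (illustrative data, not the paper's dataset). Each row is one flow; the
# condition attributes are binned flow features and "label" is the decision.
# Rows 5 and 8 differ only in TCP flags (full handshake vs. lone SYN), which
# is what makes "flags" indispensable for telling a scan from a small request.
FLOWS = [
    {"proto": "tcp", "dport": "ssh",   "pkts": "many", "bpp": "small", "flags": "SPA",  "label": "bruteforce"},
    {"proto": "tcp", "dport": "ssh",   "pkts": "many", "bpp": "small", "flags": "SPA",  "label": "bruteforce"},
    {"proto": "tcp", "dport": "ssh",   "pkts": "few",  "bpp": "large", "flags": "SPA",  "label": "benign"},
    {"proto": "tcp", "dport": "http",  "pkts": "many", "bpp": "large", "flags": "SPA",  "label": "benign"},
    {"proto": "tcp", "dport": "http",  "pkts": "few",  "bpp": "small", "flags": "SPA",  "label": "benign"},
    {"proto": "tcp", "dport": "other", "pkts": "few",  "bpp": "small", "flags": "S",    "label": "scan"},
    {"proto": "tcp", "dport": "other", "pkts": "few",  "bpp": "small", "flags": "S",    "label": "scan"},
    {"proto": "tcp", "dport": "http",  "pkts": "few",  "bpp": "small", "flags": "S",    "label": "scan"},
    {"proto": "udp", "dport": "other", "pkts": "few",  "bpp": "small", "flags": "none", "label": "benign"},
    {"proto": "tcp", "dport": "ssh",   "pkts": "many", "bpp": "small", "flags": "SPA",  "label": "bruteforce"},
]
COND = ["proto", "dport", "pkts", "bpp", "flags"]  # condition attributes (assumed names)
DECISION = "label"


def partition(table, attrs):
    """Equivalence classes of the indiscernibility relation IND(attrs):
    flows that agree on every attribute in attrs fall into the same block."""
    blocks = {}
    for idx, row in enumerate(table):
        blocks.setdefault(tuple(row[a] for a in attrs), []).append(idx)
    return list(blocks.values())


def positive_region(table, attrs, decision=DECISION):
    """POS_attrs(decision): flows whose block lies entirely inside one
    decision class, i.e. flows that attrs classify without ambiguity."""
    pos = set()
    for block in partition(table, attrs):
        if len({table[i][decision] for i in block}) == 1:
            pos.update(block)
    return pos


def dependency(table, attrs, decision=DECISION):
    """Degree of dependency gamma = |POS| / |U|; 1.0 means attrs fully
    determine the decision on this table."""
    return len(positive_region(table, attrs, decision)) / len(table)


def core(table, cond, decision=DECISION):
    """Indispensable attributes: dropping any one of them lowers gamma."""
    full = dependency(table, cond, decision)
    return [a for a in cond
            if dependency(table, [b for b in cond if b != a], decision) < full]


def minimal_reducts(table, cond, decision=DECISION):
    """All smallest subsets of cond that preserve gamma(cond). Exhaustive
    search, fine for a handful of attributes; large feature sets need a
    heuristic (the exact search is exponential in len(cond))."""
    full = dependency(table, cond, decision)
    for size in range(1, len(cond) + 1):
        hits = [c for c in combinations(cond, size)
                if dependency(table, list(c), decision) == full]
        if hits:
            return hits
    return [tuple(cond)]


def decision_rules(table, attrs, decision=DECISION):
    """Certain rules induced by an attribute set: value tuple -> label,
    taken only from blocks inside the positive region."""
    rules = {}
    for block in partition(table, attrs):
        labels = {table[i][decision] for i in block}
        if len(labels) == 1:
            rules[tuple(table[block[0]][a] for a in attrs)] = labels.pop()
    return rules


def classify(rules, attrs, flow):
    """Apply the rules to a new flow. None means the value combination was
    never seen in the positive region (boundary region): no certain verdict."""
    return rules.get(tuple(flow[a] for a in attrs))


if __name__ == "__main__":
    print("gamma(all attributes) =", dependency(FLOWS, COND))
    print("core                  =", core(FLOWS, COND))
    reducts = minimal_reducts(FLOWS, COND)
    print("minimal reducts       =", reducts)
    attrs = list(reducts[0])
    rules = decision_rules(FLOWS, attrs)
    print("verdict:", classify(rules, attrs, {"dport": "ssh", "pkts": "many", "flags": "SPA"}))
```

On this table every reduct is one attribute shorter than the full set and none of them needs proto, while flags sits in every reduct (it is the core). A log-derived feature such as a failed-login count from the SSH daemon, which the abstract proposes combining with flow features, would simply be one more column in the decision table and is evaluated by the same gamma computation.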