Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Toward Modeling Lightweight Intrusion Detection System Through Correlation-Based Hybrid Feature Selection

  • Conference paper
Information Security and Cryptology (CISC 2005)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3822))

Included in the following conference series:

Abstract

Modeling IDS have been focused on improving detection model(s) in terms of (i) detection model design based on classification algorithm, clustering algorithm, and soft computing techniques such as Artificial Neural Networks (ANN), Hidden Markov Model (HMM), Support Vector Machines (SVM), K-means clustering, Fuzzy approaches and so on and (ii) feature selection through wrapper and filter approaches. However these approaches require large overhead due to heavy computations for both feature selection and cross validation method to minimize generalization errors. In addition selected feature set varies according to detection model so that they are inefficient for modeling lightweight IDS. Therefore this paper proposes a new approach to model lightweight Intrusion Detection System (IDS) based on a new feature selection approach named Correlation-based Hybrid Feature Selection (CBHFS) which is able to significantly decrease training and testing times while retaining high detection rates with low false positives rates as well as stable feature selection results. The experimental results on KDD 1999 intrusion detection datasets show the feasibility of our approach to enable one to modeling lightweight IDS.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Ourston, D., Matzner, S., Stump, W., Hopkins, B.: Applications of Hidden Markov Models to Detect Multi-Stage Network Attacks. In: Proc. of the 36th Hawaii Int. Conf. on System Science, pp. 334–343. IEEE Computer Society Press, Los Alamitos (2002)

    Google Scholar 

  2. Hall, M.A.: Correlation-based Feature Selection for Discrete and Numeric Class Machine Learning. In: Proc. of the 17th Int. Conf. on Machine Learning, pp. 359–366. Morgan Kaufmann Publishers Inc, San Francisco (2000)

    Google Scholar 

  3. Dash, M., Liu, H., Motoda, H.: Consistency Based Feature Selection. Proc. of the 4th Pacific Asia Conf. on Knowledge Discovery and Data Mining, 98–109 (2000)

    Google Scholar 

  4. Almuallim, H., Dietterich, T.G.: Learning Boolean Concepts in the Presence of Many Irrelevant Features. In: Artificial Intelligence, vol. 69, pp. 279–305. Elsevier Science Publishers Ltd, Amsterdam (1994)

    Google Scholar 

  5. Holland, J.H.: Adaptation in Natural and Artificial Systems. University of Michigan Press, Ann Arbor (1975)

    Google Scholar 

  6. Fugate, M., Gattiker, J.R.: Anomaly detection enhanced classification in computer intrusion detection. In: Lee, S.-W., Verri, A. (eds.) SVM 2002. LNCS, vol. 2388, p. 186. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  7. Nguyen, B.V.: An Application of Support Vector Machines to Anomaly Detection (2002), available at, http://www.math.ohiou.edu/~vnguyen/papers/IDS_SVM.pdf

  8. Hu, W., Liao, Y., Vemuri, V.R.: Robust Support Vector Machines for Anomaly Detection in Computer Security. In: Proc. of the 2003 Int. Conf. on Machine Learning and Application, pp. 168–174. CSREA Press (2003)

    Google Scholar 

  9. Cannady, J.: Artificial Neural Network for Misuse detection. In: Proc. of the 1998 National Information System Security Conference, pp. 443–356 (1998)

    Google Scholar 

  10. Chapelle, O., Vapnik, V., Bousquet, O., Mukherjee, S.: Choosing Multiple Parameters for Support Vector Machines. In: Machine Learning, vol. 46(1), pp. 131–159. Kluwer Academic Publishers, Dordrecht (2002)

    Google Scholar 

  11. Duan, K., Keerthi, S.S., Poo, A.N.: Evaluation of Simple Performance Measures for Tuning SVM Hyperparameters. Neurocomputing 51, 41–59 (2003)

    Article  Google Scholar 

  12. Cup, K.D.D. (1999), Data. available, http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html

  13. Open Source WEKA Project.: available http://www.cs.waikato.ac.nz/ml/weka/index.html

  14. Liu, H., Yu, L.: Toward Integrating Feature Selection Algorithms for Classification and Clustering. IEEE Trans. on Knowledge and Data Engineering 17(3), 1–12 (2005)

    Article  MATH  Google Scholar 

  15. Sung, A.H., Mukkamala, S.: Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks. In: Proc. of the 2003 Int. Sym. on Applications and the Internet Technology, pp. 209–216. IEEE Computer Society Press, Los Alamitos (2003)

    Chapter  Google Scholar 

  16. Kim, D.S., Nguyen, H.-N., Ohn, S.-Y., Park, J.-S.: Fusions of GA and SVM for anomaly detection in intrusion detection system. In: Wang, J., Liao, X.-F., Yi, Z. (eds.) ISNN 2005. LNCS, vol. 3498, pp. 415–420. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  17. Vapnik, V.: The Nature of Statistical Learning Theory. Springer, Heidelberg (1995)

    MATH  Google Scholar 

  18. Fayyad, U., Irani, K.: Multi-interval discretization of continuos attributes as preprocessing for classification learning. In: Proc. of the 13th Int. Join Conf. on Artificial Intelligence, pp. 1022–1027. Morgan Kaufmann Publishers, San Francisco (1993)

    Google Scholar 

  19. Press, W.H., Flannery, B.P., Teukolsky, S.A., Vetterling, W.T.: Numerical recipes in C. Cambridge University Press, Cambridge (1988)

    Google Scholar 

  20. Chebrolu, S., Abraham, A., Thomas, J.P.: Data Reduction and Data Classification in an Intrusion Detection System. In: Proc. of 2004 South Central Information Security Symposium (2004)

    Google Scholar 

  21. Sabhnani, M., Serpen, G.: On Failure of Machine Learning Algorithms for Detecting Misuse in KDD Intrusion Detection Data Set. J. of Intelligent Data Analysis (2004)

    Google Scholar 

  22. Kim, D.S., Park, J.S.: Network-based Intrusion Detection with Support Vector Machines. LNCS, vol. 2662, pp. 747–756. Springer, Heidelberg (2003)

    Google Scholar 

  23. Mitchell, M.: Introduction to Genetic Algorithms. MIT press, Cambridge (1999)

    Google Scholar 

  24. Michalewicz, Z.: Genetic Algorithms + Data Structures = Evolution Programs, 3rd edn. Springer, Heidelberg (1996)

    MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Engineering Department, Hankuk Aviation University,  

    Jong Sou Park, Khaja Mohammad Shazzad & Dong Seong Kim

Authors
  1. Jong Sou Park
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Khaja Mohammad Shazzad
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Dong Seong Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. State Key Laboratory of Information Security, Institution of Software of Chinese Academy of Sciences, 100080, Beijing, China

    Dengguo Feng

  2. SKLOIS Lab, Institute of Software, Chinese Academy of Sciences, 100080, Beijing, P.R. China

    Dongdai Lin

  3. Computer Science Department, Google Inc. and Columbia University, 1214 Amsterdam Avenue, NY 10027, New York, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Park, J.S., Shazzad, K.M., Kim, D.S. (2005). Toward Modeling Lightweight Intrusion Detection System Through Correlation-Based Hybrid Feature Selection. In: Feng, D., Lin, D., Yung, M. (eds) Information Security and Cryptology. CISC 2005. Lecture Notes in Computer Science, vol 3822. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599548_24

Download citation

  • DOI: https://doi.org/10.1007/11599548_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30855-3

  • Online ISBN: 978-3-540-32424-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation