A comparative study of use of shannon, rényi and tsallis entropy for attribute selecting in network intrusion detection

  • Authors:

  • Christiane F. L. Lima;Francisco M. de Assis;Cleonilson Protásio de Souza

  • Affiliations:

  • Department of Education, Federal Institute of Maranhão, São Luís, MA, Brazil;Department of Electrical Engineering, Federal University of Campina Grande, Campina Grande, PB, Brazil;Department of Electrical Engineering, Federal University of Paraíba, João Pessoa, PB, Brazil

  • Venue:
  • IDEAL'12 Proceedings of the 13th international conference on Intelligent Data Engineering and Automated Learning
  • Year:
  • 2012

Quantified Score

Hi-index 0.00

Visualization

Abstract

Intrusion Detection Systems of computer networks carry out their detection capabilities observing a set of attributes coming from the network traffic. Such a set may be very large. However, some attributes are irrelevant, redundant or even noisy, so that their usage may also decrease the detection intrusion efficiency. Therefore, the primary problem of identifying an optimal attribute subset is the choice of the criterion to evaluate a given attribute subset. In this work, it is presented an evaluation of Rényi and Tsallis entropy compared with Shannon entropy in order to obtain an optimal attribute subset which increases the detection capability to classify the traffic as normal or as suspicious. Additionally, we studied an ensemble approach that combines the attributes selected by Rényi, Tsallis and Shannon information measures. The empirical results demonstrated that by applying an attribution selection approach based on Rényi or Tsallis entropies not only do the number of attributes and processing time are reduced but also the clustering models can be builded with a better performance (or at least remains the same) than that built with a complete set of attributes.