Features vs. attacks: a comprehensive feature selection model for network based intrusion detection systems

  • Authors:
  • Iosif-Viorel Onut;Ali A. Ghorbani

  • Affiliations:
  • Information Security Centre of Excellence, Faculty of Computer Science, University of New Brunswick, Canada;Information Security Centre of Excellence, Faculty of Computer Science, University of New Brunswick, Canada

  • Venue:
  • ISC'07 Proceedings of the 10th international conference on Information Security
  • Year:
  • 2007

Abstract

One of the most crucial development phases of a network intrusion detection system is feature selection. A poorly chosen set of features may lead to a significant drop in the detection rate, regardless of the detection method employed. Despite its importance, we believe that this research area lacks comprehensive studies. Our research proposes a model for mining the best features that can be extracted directly from network packets, by ranking them against their statistical properties during the normal and intrusive stages. As a proof of concept, we study the performance of 673 network features while considering a set of 180 different tuning parameters. The main contribution of this work is that it proposes a ranking mechanism to evaluate the effectiveness of features against different types of attacks, and that it suggests a pool of features that could be used to improve the detection process.