Effects-based feature identification for network intrusion detection

Neurocomputing

Volumn 121, Issue , 2013, Pages 265-273

  Louvieris, Panos ^a   Clewley, Natalie ^a   Liu, Xiaohui ^a  

^a BRUNEL UNIVERSITY   (United Kingdom)

Author keywords

Classification; Clustering; Decision trees; Feature selection; Intrusion detection

Indexed keywords

C4.5 DECISION TREES; CLUSTERING; FEATURE IDENTIFICATION; HIGH DEGREE OF ACCURACY; INTRUSION DETECTION SYSTEMS; K-MEANS CLUSTERING; NETWORK INTRUSION DETECTION; SITUATIONAL AWARENESS;

CLASSIFICATION (OF INFORMATION); CRIME; DECISION TREES; FEATURE EXTRACTION; INTRUSION DETECTION;

COMPUTER CRIME;

ACCURACY; ARTICLE; ARTIFICIAL NEURAL NETWORK; BAYESIAN LEARNING; CLASSIFICATION ALGORITHM; CLUSTER ANALYSIS; COMPUTER NETWORK; COMPUTER PROGRAM; COMPUTER SECURITY; DATA BASE; EFFECTS BASED FEATURE IDENTIFICATION; INFORMATION SYSTEM; KAPPA STATISTICS; KRUSKAL WALLIS TEST; NETWORK INTRUSION DETECTION; PARTITION COEFFICIENT; PRIORITY JOURNAL;

EID: 84884207884     PISSN: 09252312     EISSN: 18728286     Source Type: Journal    
DOI: 10.1016/j.neucom.2013.04.038     Document Type: Article

References (62)

1. Kellerman T. Cyber-threat proliferation: today's truly pervasive global epidemic. IEEE Secur. Privacy 2010, 8(3):70-73.
2. Sharma A. Cyber wars: a paradigm shift from means to ends. Strategic Anal. 2010, 34(1):62-73.
3. Denning P.J., Denning D.E. The profession of IT: discussing cyber attack. Commun. ACM 2010, 53(9):29-31.
4. Dlamini M., Eloff J.H.P., Eloff M.M. Information security: the moving target. Comput. Secur. 2009, 28(3-4):189-198.
5. Fuchsberger A. Intrusion detection systems and intrusion prevention systems. Inf. Secur. Tech. Rep. 2005, 10:134-139.
6. Patcha A., Park J.-M. An overview of anomaly detection techniques: existing solutions and latest technological trends. Comput. Networks 2007, 51(12):3448-3470.
7. Faysel M.A., Haque S.S. Towards cyber defense: research in intrusion detection and intrusion prevention systems. IJCSNS 2010, 10(7):316-325.
8. de Souza J.T., Matwin S., Japkowicz N. Parallelizing feature selection. Algorithmica 2006, 45(3):433-456.
9. Li Y., Wang J., Tian Z., Luc T., Young C. Building lightweight intrusion detection system using wrapper-based feature selection mechanisms. Comput. Secur. 2009, 28(6):466-475.
10. Chebrolou S., Abraham A., Thomas J.P. Feature deduction and ensemble design of intrusion detection systems. Comput. Secur. 2005, 25:295-307.
11. Davis J.J., Clark A.J. Data preprocessing for anomaly based network intrusion detection: a review. Comput. Secur. 2011, 30(6-7):353-375.
12. Kumar G., Kumar K., Sachdeva M. The use of artificial intelligence based techniques for intrusion detection: a review. Artif. Intell. Rev. 2010, 34(4):369-387.
13. Beale J., Foster J.C., Posluns J. Snort 2.0 Intrusion Detection 2003, Syngress Publishing, Inc, Rockland.
14. Wu S.X., Banzhaf W. The use of computational intelligence in intrusion detection systems: a review. Appl. Soft Comput. 2010, 10(2):1-35.
15. Peddabachigari P., Abraham A., Grosan C., Thomas J. Modeling intrusion detection system using hybrid intelligent systems. J. Network Comput. Appl. 2007, 30(1):114-132.
16. Zhou L., Jiang F. A rough set based decision tree algorithm and its application in intrusion detection pattern recognition and machine intelligence. Lect. Notes Comput. Sci. 2011, 6744/2011:333-338.
17. Urtubia A., Perez-Correa J.R., Soto A., Pszczolkowski P. Using data mining techniques to predict industrial wine problem fermentations. Food Control 2007, 18(1):1512-1517.
18. Hair J., Black W., Babin B., Anderson R., Tatham R. Multivariate Data Analysis 2006, Prentice Hall, Upper Saddle River, NJ.
19. Velmurugan T., Santhanam T. A survey of partition based clustering algorithms in data mining: an experimental approach. Inf. Technol. J. 2011, 10(3):478-484.
20. Bezdek J.C., Ehrlich R., Full W. FCM: the fuzzy c-means clustering algorithm. Comput. Geosci. 1984, 10(2-3):191-203.
21. J.B. MacQueen, Some methods for classification and analysis of multivariate observations, in: Proceedings of the Fifth Berkely Symposium on Mathematical Statistics and Probability, vol. 1, 1967, pp. 281-297.
22. H. Shah, J. Undercoffer, A. Joshi, Fuzzy clustering for intrusion detection, Fuzzy systems, 2003. FUZZ '03, in: The 12th IEEE International Conference on, vol. 2, pp. 1274-1278 vol. 2, 25-28 May 2003.
23. Xue Z., Shang Y., Feng A. Semi-supervised outlier detection based on fuzzy rough C-means clustering. Math. Comput. Simul 2010, 80(9):1911-1921.
24. Datta S., Giannella C.R., Kargupta H. Approximate distributed k-means clustering over a peer-to-peer network. IEEE Trans. Knowl. Data Eng. 2009, 21(10):1372-1388.
25. Y. Guan, A.A. Ghorbani, N. Belacel, Y-means: a clustering method for intrusion detection, in: Canadian Conference on Electrical and Computer Engineering, Montreal, Quebec, Canada, 2003, pp. 1-4.
26. Zhang Y., Lee W., Huang Y. Intrusion detection techniques for mobile. Wireless Networks, Wireless Networks 2003, 9(5):545-556.
27. Laskov P., Dussel P., Schafer C., Rieck K. Learning intrusion detection: supervised or unsupervised?. Image Anal. Process.-ICIAP 2005 2005, 3617:50-57.
28. Liu G., Li Z., Yang S. A hierarchical intrusion detection model based on the PCA neural networks. Neurocomputing 2007, 70(7-9):1561-1568.
29. N. Sengupta, J. Sen, J. Sil, M. Saha, Designing of an online intrusion detection system using rough set theory and Q learning algorithm, Neurocomputing 111 (2013) 161-168.
30. Yin C., Tian S., Mu S. High-order Markov kernals for intrusion detection. Neurocomputing 2008, 71(16-18):3247-3253.
31. P. Xie, J.H. Li, X. Ou, P. Liu, R. Levy, Using Bayesian networks for cyber security analysis, in: International Conference on Dependable Systems and Networks, 28 June-1 July 2010, pp. 211-220. 2010.
32. C. Kruegel, D. Mutz, W. Robertson, F. Valeur, Bayesian event classification for intrusion detection, in: Computer Security Applications Conference, 2003. Proceedings. 19th Annual 8-12 Dec. 2003, pp. 14-23.
33. García-Teodoro P., Díaz-Verdejo J., Maciá-Fernández G., Vázquez E. Anomaly-based network intrusion detection: techniques, systems and challenges. Comput. Secur. 2009, 28(1-2):18-28.
34. N. Ben Amor, A. Benferhat Rue, Z. Elouedi, Naïve Bayes. vs. decision trees, in: Symposium on Applied Computing Proceedings of the 2004 ACM Symposium on Applied Computing, 2004.
35. U. Premaratne, C. Ling, J. Samarabandu, T. Sidhu, Possibilistic decision trees for intrusion detection in IEC61850 automated substations, in: Proceedings of the 2009 International Conference on Industrial and Information Systems (ICIIS), Sri Lanka, December 2009, pp. 204-209.
36. Badran K., Rockett P. Multi-class pattern classification using single, multi-dimensional feature-space feature extraction evolved by multi-objective genetic programming and its application to network intrusion detection. Genet. Program. Evol. Mach. 2012, 13(1):33-36.
37. H.G. Kayacik, A.N.Z. Heywood, M.I. Heywood, Selecting features for intrusion detection: a feature relevance analysis on KDD99 intrusion detection data sets, in: Proceedings of the Third Annual Conference on Privacy, Security and Trust, Halifax, NS, Canada, October 2005.
38. Prasanta G., Bhattacharyya D.K., Borah B., Kalita J.K. A survey of outlier detection methods in network anomaly identification. Comput. J. 2011, 54(4):570-588.
39. Yang J., Olafsson S. Optimization-based feature selection with adaptive instance sampling,. Comput. Oper. Res. 2006, 33(11):3088-3106.
40. Sánchez-Maroño N., Alonso-Betanzos A., Calvo-Estévez R. A wrapper method for feature selection in multiple classes datasets, bio-inspired systems: computational and ambient intelligence. Lect. Notes Comput. Sci. 2009, 5517:456-463.
41. Tsai C., Lin C. A triangle area based nearest neighbors approach to intrusion detection. Pattern Recognit. 2010, 3(1):222-229.
42. Zhong S., Khoshgoftaar T.M., Seliya N. Clustering based intrusion detection,. Int. J. Reliab. Qual. Saf. Eng. 2007, 14(2):169-187.
43. L. Portnoy, E. Eskin, S. Stolfo, Intrusion Detection with Unlabeled Data Using Clustering, in ACM Workshop on Data Mining Applied to Security (Philadelphia, PA), 2001).
44. Gaddam S.R., Phoha V.V., Balagani K.S. k-Means+ID3: A novel method for supervised anomaly detection by cascading K-means clustering and ID3 decision tree learning methods,. IEEE Trans. Knowl. Data Eng. 2007, 19(3):345-354.
45. Benferhat S., Tabia K. On the combination of Naïve Bayes and decision trees for intrusion detection. Computational Intelligence for Modelling, Control and Automation 2005, 1:211-216. no.
46. DARPA. Available online at: 1999. http://www.ll.mit.edu/mission/%20communications/ist/corpora/ideval/data/ index.html.
47. McHugh J. Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA IDS evaluations as performed by Lincoln Laboratory. ACM Trans. Inform. Syst. Secur. 2000, 3(4).
48. M.V. Mahoney, P.K. Chan, An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection, Technical Report CS-2003-02, 2003.
49. Lesk M. The new front line: Estonia under Cyberassault. IEEE Secur. Privacy 2007, 5(4):76-79.
50. Metasploit Framework, 2013 [online]. [Accessed: 28th February, 2013]. Available from: . http://www.metasploit.com.
51. Chandola V., Banerjee A., Kumar V. Anomaly detection: a survey 2007, University of Minnesota, Tech. rep. 07-017, Computer Science Department.
52. J.B. MacQueen, Some methods for classification and analysis of multivariate observations, in: Proceedings of the Fifth Berkely Symposium on Mathematical Statistics and Probability, vol. 1, 1967, pp. 281-297.
53. Jain A.K. Data clustering: 50 years beyond k-means. Pattern Recognit. Lett. 2010, 31(8):651-666.
54. Wu X., Kumar V., Quinlan J.R., Ghosh J., Yang A., Motoda Y., McLachlan G.J., Ng A., Liu B., Yu P.S. Top 10 algorithms in data mining. Knowledge Inf. Syst. 2008, 14(1):1-37.
55. Corder G.W., Foreman D.I. Nonparametric Statistics for Non-Statisticians: A Step-by-Step Approach 2009, Wiley-Blackwell, New Jersey.
56. Chen Y., Hsu C., Chou S. Constructing a multi-valued and multi-labeled decision tree. Expert Syst. Appl. 2003, 25(2):199-209.
57. Quinlan J.R. C4.5: Programs for Machine Learning 1993, Morgan Kaufmann Publishers, San Mateo.
58. Quinlan J.R. Discovering rules by induction from large collections of examples. Expert Systems in the Micro Electronic Age 1979, Edinburgh University Press, Edinburgh. D. Michie (Ed.).
59. Yasami Y., Mozaffari S.P. A novel unsupervised classification approach for network anomaly detection by k-means clustering and ID3 decision tree learning methods. J. Supercomput. 2010, 53(1):231-245.
60. Tang Y., Wang Z., Gao H., Swift S., Kurths J. A constrained evolutionary computation method for detecting controlling regions of cortical networks. IEEE/ACM Trans. Comput. Biol. Bioinf. 2012, 9(6):1569-1581.
61. Hu J., Wang Z., Gao H., Stergioulas L.K. Extended Kalman filtering with stochastic nonlinearities and multiple missing measurements. Automatica 2012, 48(9):2007-2015.
62. Dong H., Wang Z., Gao H. Distributed filtering for a class of time-varying systems over sensor networks with quantization errors and successive packet dropouts. IEEE Trans. Signal Process. 2012, 60(6):3164-3173.