Dimension reduction using feature extraction methods for real-time misuse detection systems

Kuchimanchi, G.K.; Phoha, Vir V.; Balagani, Kiran S.; Gaddam, S.R.

doi:10.1109/iaw.2004.1437817

Cited by 29 publications

(14 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Each labeled TCP session is either normal or a member of one of the 22 attack classes in the dataset. The first 5 features are selected, namely (1) Src_Bytes, (2) Dst_Bytes, (3) Duration, (4) Is_Host_Login, and (5) Is_Guest_Login, based on the results of Gopi et al [8] which are based on the Screen Test and Critical Eigenvalue test. The objective of selection of a subset out of all the features is to assess the robustness of our system.…”

Section: Kdd Cup 1999 Data Setmentioning

confidence: 99%

See 1 more Smart Citation

Investigating hidden Markov models capabilities in anomaly detection

Joshi

Phoha

2005

Proceedings of the 43rd Annual Southeast Regional Conference - Volume 1

View full text Add to dashboard Cite

Hidden Markov Model (HMM) based applications are common in various areas, but the incorporation of HMM's for anomaly detection is still in its infancy. This paper aims at classifying the TCP network traffic as an attack or normal using HMM. The paper's main objective is to build an anomaly detection system, a predictive model capable of discriminating between normal and abnormal behavior of network traffic. In the training phase, special attention is given to the initialization and model selection issues, which makes the training phase particularly effective. For training HMM, 12.195% features out of the total features (5 features out of 41 features) present in the KDD Cup 1999 data set are used. Result of tests on the KDD Cup 1999 data set shows that the proposed system is able to classify network traffic in proportion to the number of features used for training HMM. We are extending our work on a larger data set for building an anomaly detection system.

show abstract

Section: Kdd Cup 1999 Data Setmentioning

confidence: 99%

“…Intrusion detection systems (IDS) [11] have become popular tools for identifying anomalous and malicious activities in computer systems and networks [8]. Anomaly detection is a key element of intrusion detection and other detection systems in which perturbations from normal behavior suggest the presence of attacks, defects etc.…”

Section: Introductionmentioning

confidence: 99%

Investigating hidden Markov models capabilities in anomaly detection

Joshi

Phoha

2005

Proceedings of the 43rd Annual Southeast Regional Conference - Volume 1

View full text Add to dashboard Cite

show abstract

“…It is well known that principal component analysis (PCA) is one of the most popular feature reduction and data compression methods that have also been applied to design IDS [15]. In [16], neural network principal component analysis (NNPCA) and nonlinear component analysis (NLCA) are discussed to reduce the dimension of network traffic patterns by comparing information of the compressed data with that of the original data. In [17], PCA has been used to detect selected denial-of-service and network probe attacks.…”

Section: Related Workmentioning

confidence: 99%

An Effective Intrusion Detection System Based onMulti-layers Mining Methods

Yao¹

2014

IJSIA

View full text Add to dashboard Cite

show abstract

“…It is well known that principal component analysis (PCA) is an essential technique in data compression and feature extraction [11], and it has been also applied to the field of ID [12][13][14]. It is well known that PCA has been widely used in data compression and feature selection.…”

Section: B Principle Components Analysismentioning

confidence: 99%

“…This is very important if real-time detection is desired. Principal component analysis (PCA) is an essential technique in data compression and feature selection [11] which has been applied to the field of ID [12,14]. PCA [15] is an efficient method to reduce dimensionality by providing a linear map of n-dimensional feature space to a reduced m-dimensional feature space.…”

Section: Introductionmentioning

confidence: 99%

Principle components analysis and Support Vector Machine based Intrusion Detection System

Eid

Darwish

Hassanien

et al. 2010

2010 10th International Conference on Intelligent Systems Design and Applications

View full text Add to dashboard Cite

Abstract-Intrusion Detection System (IDS) is an importantand necessary component in ensuring network security and protecting network resources and infrastructures. In this paper, we effectively introduced intrusion detection system by using Principal Component Analysis (PCA) with Support Vector Machines (SVMs) as an approach to select the optimum feature subset. We verify the effectiveness and the feasibility of the proposed IDS system by several experiments on NSL-KDD dataset. A reduction process has been used to reduce the number of features in order to decrease the complexity of the system. The experimental results show that the proposed system is able to speed up the process of intrusion detection and to minimize the memory space and CPU time cost.

show abstract

Dimension reduction using feature extraction methods for real-time misuse detection systems

Cited by 29 publications

References 11 publications

Investigating hidden Markov models capabilities in anomaly detection

Investigating hidden Markov models capabilities in anomaly detection

An Effective Intrusion Detection System Based onMulti-layers Mining Methods

Principle components analysis and Support Vector Machine based Intrusion Detection System

Contact Info

Product

Resources

About