Towards fast detecting intrusions: using key attributes of network traffic

Wei Wang (1), Sylvain Gombault (2), Thomas Guyet (1)
(1) DREAM - Diagnosing, Recommending Actions and Modelling, Inria Rennes – Bretagne Atlantique, IRISA-D7 - GESTION DES DONNÉES ET DE LA CONNAISSANCE
Abstract: Extracting attributes from network traffic is the first step of network intrusion detection. However, the question of which attributes are most effective for detection remains open. In this paper, we employed information gain and a wrapper with Bayesian Networks (BN) and decision trees (C4.5), respectively, to select key subsets of attributes for network intrusion detection based on KDD Cup 1999 data. We then used the 10 selected attributes to detect DDoS attacks in real environments. The empirical results, based on DDoS attack data collected in the real world as well as KDD Cup 1999 data, show that using only the 10 attributes, the detection accuracy remains almost the same or even improves compared with using all 41 attributes, with both BN and C4.5 classifiers. Using a small subset of attributes also improves efficiency in terms of attribute forming, model training and intrusion detection.

https://hal.archives-ouvertes.fr/hal-01833587
Contributor : Bibliothèque Télécom Bretagne
Submitted on : Monday, July 9, 2018 - 6:25:28 PM
Last modification on : Monday, February 25, 2019 - 3:14:05 PM
Long-term archiving on : Tuesday, October 2, 2018 - 7:57:09 AM

Citation

Wei Wang, Sylvain Gombault, Thomas Guyet. Towards fast detecting intrusions: using key attributes of network traffic. ICIMP 2008 - Third International Conference on Internet Monitoring and Protection, Jun 2008, Bucharest, Romania. pp.86-91, ⟨10.1109/ICIMP.2008.13⟩. ⟨hal-01833587⟩
