Abstract
The ever-growing volume of network traffic creates a need for more efficient data processing in Intrusion Detection Systems. In particular, the raw network data has to be transformed and largely reduced before it can be processed by data mining models.
The primary objective of this work is to control the dimensionality reduction (DR) of network flow records in view of the accuracy of misuse detection. A real data set, containing flow records with potential spam messages, is used to test the proposed method. The algorithm proposed in this study is applied to investigate the merits of hybrid models composed of dimensionality reduction, neural networks, and decision trees. The benefits of dimensionality reduction and the impact of the process on the overall spam detection rates and false positive rates are investigated. The advantages of the proposed technique over the standard a priori selection of the reduced dimension are discussed.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Grzenda, M. (2012). Towards the Reduction of Data Used for the Classification of Network Flows. In: Corchado, E., Snášel, V., Abraham, A., Woźniak, M., Graña, M., Cho, SB. (eds) Hybrid Artificial Intelligent Systems. HAIS 2012. Lecture Notes in Computer Science, vol 7209. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28931-6_7
DOI: https://doi.org/10.1007/978-3-642-28931-6_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28930-9
Online ISBN: 978-3-642-28931-6
eBook Packages: Computer Science, Computer Science (R0)