eprintid: 2759
rev_number: 11
eprint_status: archive
userid: 274
dir: disk0/00/00/27/59
datestamp: 2017-12-29 08:48:02
lastmod: 2017-12-29 08:48:02
status_changed: 2017-12-29 08:48:02
type: conference_item
metadata_visibility: show
creators_name: Nguyen, Xuan Nam
creators_name: Nguyen, Dai Tho
creators_id: namnx228@gmail.com
creators_id: nguyendaitho@vnu.edu.vn
corp_creators: University of Engineering and Technology, Vietnam National University, Hanoi
title: Intrusion Detection Using a More General Feature Extraction Method for Payload-based Anomaly One-Class Classifier
ispublished: inpress
subjects: IT
divisions: fac_fit
note: This paper won the "Best Paper Award" at the SOIS 2017 conference.
abstract: In this paper, we proposed a method to extract more general features of data for payload-based anomaly IDS. However, because of the significant rise in the number of features, there are numerous redundancies, leading to a rise in the complexity and a decrease in the accuracy of the classification. To that end, we apply the Chi-square [9] feature selection method to pick the best features in the feature set. We have done many experiments on a real-world dataset of HTTP-based attacks to evaluate the performance of our classifier using our feature extraction method. The results show that our classifier can quickly detect the attack packets with a very high true positive rate while keeping the false positive rate at a very low level. Besides, the results also indicate that our classifier outperforms other classifiers such as McPAD [10] and PAY [12, 13].
date: 2017-12-02
official_url: http://sois2017.uit.edu.vn/
contact_email: nguyendaitho@vnu.edu.vn
full_text_status: public
pres_type: paper
event_title: Hội thảo lần thứ II Một số vấn đề chọn lọc về an toàn an ninh thông tin
event_location: Ho Chi Minh City, Vietnam
event_dates: December 2-3, 2017
event_type: conference
refereed: TRUE
referencetext: [1] Blum, A., & Langley, P. (1997). Selection of relevant features and examples in machine learning. Artificial Intelligence, 97, 245-271.
 [2] Dash and Liu. Feature selection for classification. Intelligent Data Analysis, Volume 1, Issues 1–4, 1997, Pages 131-156.
 [3] I. S. Dhillon, S. Mallela, and R. Kumar. A divisive information-theoretic feature clustering algorithm for text classification. Journal of Machine Learning Research, 3:1265–1287, 2003.
 [4] R. O. Duda, P. E. Hart, and D. G. Stork. Pattern Classification. Wiley, 2000.
 [5] Ogura H, Amano H, Kondo M. Feature selection with a measure of deviations from Poisson in text categorization. Expert Systems with Applications. 2009;36(3):6826–6832.
 [6] Peng H, Long F, Ding C. Feature selection based on mutual information: criteria of Max-Dependency, Max-Relevance, and Min-Redundancy. IEEE Transactions on Pattern Analysis and Machine Intelligence. 2005;27(8):1226–1238.
 [7] D. Koller and M. Sahami (1996). "Toward Optimal Feature Selection." Proceedings of the Thirteenth International Conference on Machine Learning (ICML) (pp. 284-292).
 [8] E. Leopold and J. Kindermann. Text categorization with support vector machines. How to represent texts in input space? Machine Learning, 46:423–444, 2002.
 [9] H. Liu and H. Motoda, editors. Computational Methods of Feature Selection. Chapman and Hall/CRC Press, 2007.
 [10] R. Perdisci, D. Ariu, P. Fogla, G. Giacinto, W. Lee. "McPAD: A Multiple Classifier System for Accurate Payload-based Anomaly Detection." Computer Networks, Special Issue on Traffic Classification and Its Applications to Modern Networks, 5(6), 2009, pp. 864-881.
 [11] D. M. J. Tax. One-Class Classification, Concept Learning in the Absence of Counter Examples. PhD thesis, Delft University of Technology, Delft, Netherlands, 2001.
 [12] K. Wang and S. Stolfo. Anomalous payload-based worm detection and signature generation. In Recent Advances in Intrusion Detection (RAID), 2005.
 [13] K. Wang and S. Stolfo. Anomalous payload-based network intrusion detection. In Recent Advances in Intrusion Detection (RAID), 2004.
 [14] Yang Y, Pedersen JO. A comparative study on feature selection in text categorization. Proceedings of the 14th International Conference on Machine Learning (ICML '97); 1997; Nashville, Tenn, USA. Morgan Kaufmann; pp. 412–420.
citation: Nguyen, Xuan Nam and Nguyen, Dai Tho (2017) Intrusion Detection Using a More General Feature Extraction Method for Payload-based Anomaly One-Class Classifier. In: Hội thảo lần thứ II Một số vấn đề chọn lọc về an toàn an ninh thông tin, December 2-3, 2017, Ho Chi Minh City, Vietnam. (In Press)
document_url: https://eprints.uet.vnu.edu.vn/eprints/id/eprint/2759/1/Intrusion%20Detection%20Using%20a%20More%20General%20feature%20extraction%20method%20for%20Payload.pdf