Volume 29 Issue 9
Tian Jun-feng, Wang Hui-ran, Fu Yue. Research on the Feasibility of TCP/IP Feature Reduction for Intrusion Detection[J]. Journal of Electronics & Information Technology, 2007, 29(9): 2248-2251. doi: 10.3724/SP.J.1146.2005.01632

Research on the Feasibility of TCP/IP Feature Reduction for Intrusion Detection

doi: 10.3724/SP.J.1146.2005.01632 cstr: 32379.14.SP.J.1146.2005.01632
  • Received Date: 2005-12-16
  • Rev Recd Date: 2007-05-21
  • Publish Date: 2007-09-19
  • At present, some Intrusion Detection Systems (IDS) use the features of TCP/IP data packets for analysis and modeling. Because TCP/IP features contribute differently to the detection process, properly reducing the number of features without affecting detection precision could improve an IDS's detection rate and real-time performance. This paper therefore presents a Decision Tree Rule-based Statistical method (DTRS) for reducing TCP/IP features. Its primary concept is to create n decision trees on n data subsets, extract their rules, and identify the relatively important features according to how frequently each feature is used. The feasibility and effectiveness of the method are verified through tests.
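The DTRS idea from the abstract, sketched as an added example (not the authors' code): one ID3-style tree per data subset, rules read off as root-to-leaf paths, and features ranked by how often they appear in rule conditions. The tree algorithm, the interleaved subsetting, the counting rule, the function names and the sample records are all assumptions constructed for illustration.

```python
import math
from collections import Counter
from itertools import product

def entropy(rows):
    counts = Counter(r["label"] for r in rows)
    return -sum(c / len(rows) * math.log2(c / len(rows)) for c in counts.values())

def build_tree(rows, features):
    """ID3-style tree: a leaf is a label string, a node is (feature, {value: subtree})."""
    labels = Counter(r["label"] for r in rows)
    if len(labels) == 1 or not features:
        return labels.most_common(1)[0][0]
    def gain(f):
        parts = [[r for r in rows if r[f] == v] for v in sorted({r[f] for r in rows})]
        return entropy(rows) - sum(len(p) / len(rows) * entropy(p) for p in parts)
    best = max(features, key=gain)
    rest = [f for f in features if f != best]
    values = sorted({r[best] for r in rows})
    return (best, {v: build_tree([r for r in rows if r[best] == v], rest) for v in values})

def extract_rules(tree, conditions=()):
    """Each root-to-leaf path becomes one rule: (conditions, predicted label)."""
    if isinstance(tree, str):
        return [(conditions, tree)]
    feature, children = tree
    return [rule for value, sub in children.items()
            for rule in extract_rules(sub, conditions + ((feature, value),))]

def dtrs_rank(rows, features, n):
    """Build one tree per subset, then count feature appearances across all rules."""
    usage = Counter({f: 0 for f in features})
    for i in range(n):
        for conditions, _label in extract_rules(build_tree(rows[i::n], features)):
            usage.update(f for f, _value in conditions)
    return usage.most_common()

# Constructed sample records (not real traffic, not the paper's data set).
def label(flag, service, ttl, protocol):
    hit = (flag == "S0" or (flag == "REJ" and service == "telnet")
           or (flag == "SF" and protocol == "icmp" and ttl == "low"))
    return "attack" if hit else "normal"

FEATURES = ["protocol", "flag", "service", "ttl"]
ROWS = [dict(flag=f, service=s, ttl=t, protocol=p, label=label(f, s, t, p))
        for f, s, t, p in product(["SF", "S0", "REJ"], ["http", "telnet", "dns"],
                                  ["low", "high"], ["tcp", "udp", "icmp"])]

if __name__ == "__main__":
    print(dtrs_rank(ROWS, FEATURES, n=2))
```

On this constructed data, `ttl` never appears in a rule, and `protocol` appears only in the rules from one of the two subsets, so it ranks below `flag` and `service`.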
