Class Dependent Feature Transformation for Intrusion Detection Systems

  • Publication year: 1390 (Solar Hijri)
  • Venue: 19th Iranian Conference on Electrical Engineering
  • Dedicated COI code: ICEE19_082
  • Paper language: English
  • Views: 1297

Authors

Mehdi Mohammadi

Iran University of Science and Technology, Computer Engineering Department

Bijan Raahemi

Ahmad Akbari

Babak Nassersharif

Abstract

Most intrusion detection systems use primary, raw input features extracted from network connections, without any preprocessing of the extracted features. In this paper, we propose a new feature transformation method based on a class-dependent approach for improving the accuracy of intrusion detection systems. In the usual class-dependent feature transformation methods, the mapping process is accomplished using different mapping matrices for different classes of the dataset. In these methods, there is a difference between the training and test phases. In the training phase of class-dependent methods, samples of each class are mapped using only the corresponding matrix; in the test phase, however, each sample is mapped using all of the transformation matrices. This may lead to some mistakes in classification. In this paper we modify the training and test phases of class-dependent methods and propose a new linear feature transformation method. Unlike the usual class-dependent methods, the training and test phases of the proposed method are very similar. This similarity helps the classifier learn more about the dataset samples and the transformation process. The performance of our proposed method is evaluated using three different indices, namely mutual information, the maximum relevancy minimum redundancy criterion, and classification accuracy. The proposed method was evaluated on a benchmark intrusion detection dataset (the NSL-KDD dataset). The experimental results demonstrate that applying the proposed feature transformation method leads to higher classification accuracy and makes the IDS more capable of distinguishing intruders from normal users.

Keywords

intrusion detection; network security; linear feature transformation; class independent feature transformation
