A Feature Selection and Evaluation Framework for Network Intrusion Detection

Iosif-Viorel Onut (University of New Brunswick)


ABSTRACT

Our research focuses on mining the network features that are most useful for attack detection. Accordingly, we propose a new network feature classification schema as well as a new feature evaluation procedure that help us identify the most useful features that can be extracted from network packets. The classification schema is intended to provide a better understanding of, and to propose a new standard for, the features that can be extracted from network packets and the relationships between them. It comprises 27 classes of features, grouped by the network abstraction they refer to (e.g., host, network, connection). We use the schema to select a comprehensive set of network features for conducting and reporting our experiments. The feature evaluation procedure provides a deterministic approach for pinpointing those network features that are indeed useful in the attack detection process. It uses mathematical, statistical and fuzzy logic techniques to rank the participation of individual features in the detection process. In our research we have identified several tuning parameters that directly influence the detection performance of each individual feature. To address this, our method takes into account the performance of each feature under multiple tunings, making the evaluation more robust to biases that could be accidentally introduced by a poor tuning combination. Our experimental results empirically confirm that our feature evaluation model can successfully be applied to mine the importance of a feature in the detection process.
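The abstract does not spell out how a feature's "participation" in detection is scored or how results are combined across tunings. The following is an added illustration, not the paper's procedure or code: each feature is tried on its own as a threshold detector over a small constructed set of labelled flow records, its score (Youden's J, i.e. TPR minus FPR, an assumed choice) is computed at several tuning settings (here, threshold multipliers over the feature's mean on normal traffic, also an assumption), and features are ranked by the score aggregated across all tunings rather than at one arbitrarily chosen setting. The feature names and record values are constructed for the example.

```python
"""Rank single-feature detectors across several threshold tunings.

Added illustration, not the paper's procedure: each feature is tried as a
stand-alone threshold detector on a small constructed set of labelled flow
records, at several tuning settings, and ranked by its score aggregated over
all tunings, so that one poorly chosen tuning does not decide its rank.
"""
from statistics import mean

# Constructed flow records: (feature values, label); label 1 = attack, 0 = normal.
RECORDS = [
    ({"pkts_per_sec": 12.0, "syn_ratio": 0.10, "avg_pkt_len": 820.0}, 0),
    ({"pkts_per_sec": 9.5, "syn_ratio": 0.05, "avg_pkt_len": 640.0}, 0),
    ({"pkts_per_sec": 15.0, "syn_ratio": 0.12, "avg_pkt_len": 900.0}, 0),
    ({"pkts_per_sec": 8.0, "syn_ratio": 0.08, "avg_pkt_len": 410.0}, 0),
    ({"pkts_per_sec": 11.0, "syn_ratio": 0.07, "avg_pkt_len": 1200.0}, 0),
    ({"pkts_per_sec": 480.0, "syn_ratio": 0.95, "avg_pkt_len": 60.0}, 1),
    ({"pkts_per_sec": 350.0, "syn_ratio": 0.90, "avg_pkt_len": 64.0}, 1),
    ({"pkts_per_sec": 14.0, "syn_ratio": 0.88, "avg_pkt_len": 700.0}, 1),
    ({"pkts_per_sec": 620.0, "syn_ratio": 0.30, "avg_pkt_len": 58.0}, 1),
    ({"pkts_per_sec": 10.0, "syn_ratio": 0.11, "avg_pkt_len": 62.0}, 1),
]

# Tuning parameter (assumed): alert threshold = multiplier * mean of the feature
# over normal records. Several multipliers stand in for several tunings.
TUNINGS = (1.5, 2.0, 3.0, 5.0)


def threshold_for(feature, multiplier, records=RECORDS):
    """Threshold derived from the feature's mean over the normal records."""
    normal_vals = [r[feature] for r, label in records if label == 0]
    return multiplier * mean(normal_vals)


def detection_score(feature, threshold, records=RECORDS):
    """Youden's J = TPR - FPR for the rule 'alert if feature > threshold'.

    1.0 is perfect separation, 0.0 is no better than chance, and a negative
    value means the rule fires more often on normal traffic than on attacks.
    """
    tp = fp = fn = tn = 0
    for r, label in records:
        alert = r[feature] > threshold
        if alert and label == 1:
            tp += 1
        elif alert:
            fp += 1
        elif label == 1:
            fn += 1
        else:
            tn += 1
    tpr = tp / (tp + fn)
    fpr = fp / (fp + tn)
    return tpr - fpr


def scores_per_tuning(feature, tunings=TUNINGS, records=RECORDS):
    """Score of one feature at every tuning setting."""
    return [detection_score(feature, threshold_for(feature, m, records), records)
            for m in tunings]


def rank_features(features, tunings=TUNINGS, records=RECORDS):
    """Rank features by mean score across tunings, best first.

    Returns [(feature, mean_score, min_score), ...]; min_score is the
    feature's result under its worst tuning.
    """
    ranked = []
    for f in features:
        s = scores_per_tuning(f, tunings, records)
        ranked.append((f, mean(s), min(s)))
    ranked.sort(key=lambda t: t[1], reverse=True)
    return ranked


if __name__ == "__main__":
    feats = sorted(RECORDS[0][0])
    for m in TUNINGS:
        row = ", ".join(f"{f}={detection_score(f, threshold_for(f, m)):+.2f}" for f in feats)
        print(f"tuning x{m}: {row}")
    for f, avg, worst in rank_features(feats):
        print(f"{f:14s} mean J={avg:+.3f} worst J={worst:+.3f}")
```

On this constructed data the per-tuning table shows why a single tuning is a poor basis for ranking: at the most aggressive multiplier `syn_ratio` and `pkts_per_sec` score identically (0.6), while the looser tunings separate them (0.8 versus 0.6), and `avg_pkt_len` under an upper threshold never separates the classes at all. Aggregating over all tunings, and reporting the worst-case tuning alongside the mean, keeps that information in the ranking.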

BIOGRAPHY

Iosif-Viorel Onut is a Ph.D. candidate at the University of New Brunswick, Faculty of Computer Science, Fredericton, Canada. His main research focus is network security. He received his M.Sc. and B.Eng. in Computer Science from the Technical University of Cluj-Napoca, Romania. The work for his B.Sc. thesis was done during a six-month scholarship at the DaimlerChrysler AG Research and Technology center in Berlin, Germany (2002). During 2004-2005 he worked in the field of Privacy, Security and Trust at the National Research Council of Canada, Institute for Information Technology, Fredericton, Canada. He also worked as a researcher for the City of Fredericton, Network Infrastructure, during 2005. Since 2003 he has been an active member of the Network Security Laboratory (http://nsl.cs.unb.ca) at the University of New Brunswick, Fredericton, Canada.