ABSTRACT
Our research focuses on mining the most useful network features for attack
detection. Accordingly, we propose a new network feature classification schema
as well as a new feature evaluation procedure that help us identify the most
useful features that can be extracted from network packets. The network feature
classification schema is intended to provide a better understanding of, and to
propose a new standard for, the features that can be extracted from network
packets and their relationships. The classification has a set of 27 classes of
features based on the network abstractions that they refer to (e.g., host,
network, connection, etc.). We use our feature classification schema to select a
comprehensive set of network features for conducting and reporting our
experimental findings. The feature evaluation procedure provides a deterministic
approach for pinpointing those network features that are indeed useful in the
attack detection process. The procedure uses mathematical, statistical and
fuzzy logic techniques to rank the participation of individual features in
the detection process. In our research we have identified several tuning
parameters that directly influence the detection performance of each individual
feature. To address this issue, our method takes into account the performance
of each feature under multiple tunings, making the evaluation process
more robust to biases that could be accidentally introduced by a poor tuning
combination. Our experimental results empirically confirm that our feature
evaluation model can successfully be applied to mine the importance of a
feature in the detection process.
BIOGRAPHY
Iosif-Viorel Onut is a Ph.D. candidate at the University of New Brunswick,
Faculty of Computer Science, Fredericton, Canada. His main research focus is
network security. He received his M.Sc. and B.Eng. in Computer Science from the
Technical University of Cluj-Napoca, Romania. The work for his B.Sc. thesis was
done during a six-month scholarship at the DaimlerChrysler AG Research and
Technology center in Berlin, Germany (2002). During 2004-2005 he worked in the
field of Privacy, Security and Trust at the National Research Council of Canada,
Institute for Information Technology, Fredericton, Canada. He also worked as a
researcher for the City of Fredericton, Network Infrastructure, during 2005.
Since 2003 he has been an active member of the Network Security Laboratory
(http://nsl.cs.unb.ca) at the University of New Brunswick, Fredericton, Canada.