Improving Signature Detection Classification Model using features selection based on customized features

Research output: Chapter in Book/Report/Conference proceedingConference contribution

12 Citations (Scopus)

Abstract

Having an accurate Signature Detection Classification (SDC) Model has become highly demanding for Intrusion Detection Systems (IDS) to secure networks, especially when dealing with large and complex security audit data set. Selecting appropriate network features is one of the factors that influence the accuracy of SDC model. Past research has shown that the Hidden Marcov Chain, Genetic Algorithm, and the two-second time windows are among the best features selection methods for SDC Model. However this paper aims to improve the accuracy model by applying the features extraction based customized features. The customized features are the network data set which has been preprocessed through the following steps: removing biased attributes, discretized using chimerge and remove the attributes with string value. The previous research applies the feature extraction based on all features. The best model is measured based on the detection rate, false alarm rate and number of rules using four data mining techniques such as Ripper(Jrip), Ridor, PART and decision three. The experiment is conducted using three random KDD-cup99 data sets. The result shows that the features extraction based on customized features has increased the accuracy model between 0.4% to 9% detection rates and reduced between 0.17% to 0.5% false alarm rates. The result shows the importance of data preprocessing in producing a high quality SDC Model.

Original languageEnglish
Title of host publicationProceedings of the 2010 10th International Conference on Intelligent Systems Design and Applications, ISDA'10
Pages1026-1031
Number of pages6
DOIs
Publication statusPublished - 2010
Event2010 10th International Conference on Intelligent Systems Design and Applications, ISDA'10 - Cairo
Duration: 29 Nov 20101 Dec 2010

Other

Other2010 10th International Conference on Intelligent Systems Design and Applications, ISDA'10
CityCairo
Period29/11/101/12/10

Fingerprint

Feature extraction
Intrusion detection
Data mining
Genetic algorithms
Experiments

Keywords

  • Data mining
  • Features selection
  • Genetic algorithm feature selection
  • JRip algorithm
  • Signature Detection

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Science Applications
  • Hardware and Architecture

Cite this

Ali Othman, Z., Abu Bakar, A., & Etubal, I. (2010). Improving Signature Detection Classification Model using features selection based on customized features. In Proceedings of the 2010 10th International Conference on Intelligent Systems Design and Applications, ISDA'10 (pp. 1026-1031). [5687051] https://doi.org/10.1109/ISDA.2010.5687051

Improving Signature Detection Classification Model using features selection based on customized features. / Ali Othman, Zulaiha; Abu Bakar, Azuraliza; Etubal, Intesar.

Proceedings of the 2010 10th International Conference on Intelligent Systems Design and Applications, ISDA'10. 2010. p. 1026-1031 5687051.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Ali Othman, Z, Abu Bakar, A & Etubal, I 2010, Improving Signature Detection Classification Model using features selection based on customized features. in Proceedings of the 2010 10th International Conference on Intelligent Systems Design and Applications, ISDA'10., 5687051, pp. 1026-1031, 2010 10th International Conference on Intelligent Systems Design and Applications, ISDA'10, Cairo, 29/11/10. https://doi.org/10.1109/ISDA.2010.5687051
Ali Othman Z, Abu Bakar A, Etubal I. Improving Signature Detection Classification Model using features selection based on customized features. In Proceedings of the 2010 10th International Conference on Intelligent Systems Design and Applications, ISDA'10. 2010. p. 1026-1031. 5687051 https://doi.org/10.1109/ISDA.2010.5687051
Ali Othman, Zulaiha ; Abu Bakar, Azuraliza ; Etubal, Intesar. / Improving Signature Detection Classification Model using features selection based on customized features. Proceedings of the 2010 10th International Conference on Intelligent Systems Design and Applications, ISDA'10. 2010. pp. 1026-1031
@inproceedings{b19b018fd88f4bc39fb9122320c5fc4d,
title = "Improving Signature Detection Classification Model using features selection based on customized features",
abstract = "Having an accurate Signature Detection Classification (SDC) Model has become highly demanding for Intrusion Detection Systems (IDS) to secure networks, especially when dealing with large and complex security audit data set. Selecting appropriate network features is one of the factors that influence the accuracy of SDC model. Past research has shown that the Hidden Marcov Chain, Genetic Algorithm, and the two-second time windows are among the best features selection methods for SDC Model. However this paper aims to improve the accuracy model by applying the features extraction based customized features. The customized features are the network data set which has been preprocessed through the following steps: removing biased attributes, discretized using chimerge and remove the attributes with string value. The previous research applies the feature extraction based on all features. The best model is measured based on the detection rate, false alarm rate and number of rules using four data mining techniques such as Ripper(Jrip), Ridor, PART and decision three. The experiment is conducted using three random KDD-cup99 data sets. The result shows that the features extraction based on customized features has increased the accuracy model between 0.4{\%} to 9{\%} detection rates and reduced between 0.17{\%} to 0.5{\%} false alarm rates. The result shows the importance of data preprocessing in producing a high quality SDC Model.",
keywords = "Data mining, Features selection, Genetic algorithm feature selection, JRip algorithm, Signature Detection",
author = "{Ali Othman}, Zulaiha and {Abu Bakar}, Azuraliza and Intesar Etubal",
year = "2010",
doi = "10.1109/ISDA.2010.5687051",
language = "English",
isbn = "9781424481354",
pages = "1026--1031",
booktitle = "Proceedings of the 2010 10th International Conference on Intelligent Systems Design and Applications, ISDA'10",

}

TY - GEN

T1 - Improving Signature Detection Classification Model using features selection based on customized features

AU - Ali Othman, Zulaiha

AU - Abu Bakar, Azuraliza

AU - Etubal, Intesar

PY - 2010

Y1 - 2010

N2 - Having an accurate Signature Detection Classification (SDC) Model has become highly demanding for Intrusion Detection Systems (IDS) to secure networks, especially when dealing with large and complex security audit data set. Selecting appropriate network features is one of the factors that influence the accuracy of SDC model. Past research has shown that the Hidden Marcov Chain, Genetic Algorithm, and the two-second time windows are among the best features selection methods for SDC Model. However this paper aims to improve the accuracy model by applying the features extraction based customized features. The customized features are the network data set which has been preprocessed through the following steps: removing biased attributes, discretized using chimerge and remove the attributes with string value. The previous research applies the feature extraction based on all features. The best model is measured based on the detection rate, false alarm rate and number of rules using four data mining techniques such as Ripper(Jrip), Ridor, PART and decision three. The experiment is conducted using three random KDD-cup99 data sets. The result shows that the features extraction based on customized features has increased the accuracy model between 0.4% to 9% detection rates and reduced between 0.17% to 0.5% false alarm rates. The result shows the importance of data preprocessing in producing a high quality SDC Model.

AB - Having an accurate Signature Detection Classification (SDC) Model has become highly demanding for Intrusion Detection Systems (IDS) to secure networks, especially when dealing with large and complex security audit data set. Selecting appropriate network features is one of the factors that influence the accuracy of SDC model. Past research has shown that the Hidden Marcov Chain, Genetic Algorithm, and the two-second time windows are among the best features selection methods for SDC Model. However this paper aims to improve the accuracy model by applying the features extraction based customized features. The customized features are the network data set which has been preprocessed through the following steps: removing biased attributes, discretized using chimerge and remove the attributes with string value. The previous research applies the feature extraction based on all features. The best model is measured based on the detection rate, false alarm rate and number of rules using four data mining techniques such as Ripper(Jrip), Ridor, PART and decision three. The experiment is conducted using three random KDD-cup99 data sets. The result shows that the features extraction based on customized features has increased the accuracy model between 0.4% to 9% detection rates and reduced between 0.17% to 0.5% false alarm rates. The result shows the importance of data preprocessing in producing a high quality SDC Model.

KW - Data mining

KW - Features selection

KW - Genetic algorithm feature selection

KW - JRip algorithm

KW - Signature Detection

UR - http://www.scopus.com/inward/record.url?scp=79851482130&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79851482130&partnerID=8YFLogxK

U2 - 10.1109/ISDA.2010.5687051

DO - 10.1109/ISDA.2010.5687051

M3 - Conference contribution

AN - SCOPUS:79851482130

SN - 9781424481354

SP - 1026

EP - 1031

BT - Proceedings of the 2010 10th International Conference on Intelligent Systems Design and Applications, ISDA'10

ER -