Towards fast detecting intrusions: using key attributes of network trafic

Abstract: Extracting attributes from network traffic is the first step of network intrusion detection. However, the question of which attributes are most effective for detection remains open. In this paper, we employed information gain, and wrappers with Bayesian Networks (BN) and decision trees (C4.5) respectively, to select key subsets of attributes for network intrusion detection based on KDD Cup 1999 data. We then used the 10 selected attributes to detect DDoS attacks in real environments. The empirical results on KDD Cup 1999 data as well as DDoS attack data show that, using only these 10 attributes, detection accuracy remains almost the same or even improves compared with using all 41 attributes, with both BN and C4.5 classifiers. Using a small subset of attributes also improves the efficiency of intrusion detection.
Document type:
Conference paper
The Third International Conference on Internet Monitoring and Protection, Jul 2008, Bucharest, Romania. 2008

https://hal.inria.fr/inria-00461415
Contributor: Thomas Guyet
Submitted on: Thursday, March 4, 2010 - 15:53:52
Last modified on: Wednesday, April 11, 2018 - 01:57:06

Identifiers

  • HAL Id: inria-00461415, version 1

Citation

Wei Wang, Sylvain Gomblaut, Thomas Guyet. Towards fast detecting intrusions: using key attributes of network trafic. The Third International Conference on Internet Monitoring and Protection, Jul 2008, Bucharest, Romania. 2008. 〈inria-00461415〉
