Attribute Reduction for Effective Intrusion Detection

Abstract. Computer intrusion detection is to do with identifying computer activities that may compromise the integrity, confidentiality or the availability of an IT system. Anomaly Intrusion Detection Systems (IDSs) aim at distinguishing an abnormal activity from an ordinary one. However, even in a moderate site, computer activity very quickly yields gigabytes of information, overwhelming current IDSs. To make anomaly intrusion detection feasible, this paper advocates the use of Rough Sets previous to the intrusion detector, in order to filter out redundant, spurious information. Using rough sets, we have been able to successfully identify pieces of information that succinctly characterise computer activity without missing chief details. The results are very promising since we were able to reduce the number of attributes by a factor of 3, resulting in a 66% data reduction. We have tested our approach using BSM log files borrowed from the DARPA repository.
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2004
Where AWIC
Authors Fernando Godínez, Dieter Hutter, Raul Monroy