identifying important features for intrusion detection
play

Identifying Important Features for Intrusion Detection Using - PowerPoint PPT Presentation

Jun 21, 2023 •411 likes •802 views

Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks Objective The dataset Ranking the significance of inputs The Algorithms Performance metrics for support vector machines

  1. Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks

  2.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  3. Ob Object ective • Example models to detect intrusion • Support vector machine • Neural Network • Simplify the model to make it faster and more accurate

  4. How t ow to simplify t the m model el • Elimination of the useless features • Rank the importance of input features • Using a reduced number of features can deliver enhanced or comparable performance

  5.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  6. Dataset et  In 1998 by Defense Advanced Research Projects Agency (DARPA)  Originated from MIT’s Lincoln Lab  Raw TCP/IP dump  The LAN was operated like a true environment  Considered a benchmark for intrusion detection evaluations

  7. Dataset et  Data size: 494021 examples  20% of those examples are normal  Number of features: 41  Five possible classes  Normal  DOS: denial of service  R2L: unauthorized access from a remote machine  U2R: unauthorized access to local super user (root) privileges  Probing: surveillance and other probing

  8.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  9. Approa oach ch  Build the model and check the performance using all features  Delete one feature at a time  Build the model again, and verify the performance of the new model with the previous one.

  10. The Algorithm  Delete one input feature from the (training and testing) data  Use the resultant data set for training and testing the classifier  Analyze the results of the classifier, using the performance metrics  Rank the importance of the feature according to the rules  Repeat steps 1 to 4 for each of the input features

  11.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  12. Perfor ormance m ce metr trics cs f for s suppor ort v t vector or machines • Ranks the importance of the 41 features in SVM-based IDS. • Possible ranks for each feature • Important • Secondary • Insignificant

  13. Perfor ormance m ce metr trics cs f for s suppor ort v t vector or mach chin ines ( (SVM) • Ranks based on three Performance criteria • Accuracy of classification • Training Time • Testing time • There are total 10 possible rules for support vector machine

  14. The rule set (SVM)  If accuracy decreases and training time increases and testing time decreases, then the feature is important  If accuracy decreases and training time increases and testing time increases, then the feature is important  If accuracy decreases and training time decreases and testing time increases, then the feature is important

  15. The rule set (SVM) • If accuracy unchanges and training time increases and testing time increases, then the feature is important • If accuracy unchanges and training time decreases and testing time increases, then the feature is secondary • If accuracy unchanges and training time increases and testing time decreases, then the feature is secondary • If accuracy unchanges and training time decreases and testing time decreases, then the feature is insignificant

  16. The rule set (SVM) • If accuracy increases and training time increases and testing time decreases, then the feature is secondary • If accuracy increases and training time decreases and testing time increases, then the feature is secondary • If accuracy increases and training time decreases and testing time decreases, then the feature is insignificant

  17.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  18. Perfor ormance m ce metr trics cs f for n neural n networ orks ( (NN)  Three performance criteria  Overall accuracy (OA) of classification  False positive (FP) rate  False negative (FN) rate  Possible ranks for the feature  Important  Secondary  Insignificant

  19. The rule set (NN)  If OA increases and FP decreases and FN decreases, then the feature is unimportant  If OA increases and FP increases and FN decreases, then the feature is unimportant  If OA decreases and FP increases and FN increases, then the feature is important  If OA decreases and FP decreases and FN increases, then the feature is important  If OA un-changes and FP un-changes, then the feature is secondary

  20. Little i introduction of t the author r & the paper  The paper was published in 2003  Number of citations until today is 493  Srinivas Mukkamala  University of Southern Mississippi  Network security, computational intelligence  Andrew H. Sung  New Mexico Institute of Mining and Technology  Machine learning, classification, Neural networks, pattern recognition

  21.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  22. SVM c characteristi tics cs • SVM is a binary classifier • Needs five models to classify the five classes • Important features can be different for each model

  24. Per erformance s statis tistics ics w with th 4 40 f fea eatures.

  28.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  29. Neural N Netw twor ork • Consists of a collection of processing elements. • Highly interconnected and transform a set of desired outputs. • Multiple classes can be classified. • Transformation is determined by the characteristics of the elements and the weights associated with the interconnections among them.

  30. Del elete f fea eatures on one b by one ( (NN)

  32.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  33. Su Summary an and Co Conclusi sions • Important features gives the most remarkable performance in terms of training time. • The most important features for the two classes of ‘Normal’ and ‘DOS’ heavily overlap • ‘U2Su’ and ‘R2L’, the two smallest classes representing the most serious attacks, each has a small number of important features and a large number of secondary features

  34.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  35. Co Comments  Section: The rule set (SVM)  If accuracy decreases and training time decreases and testing time decrease , then the feature is …  If accuracy increases and training time increase and testing time increase, then the feature is …  Section: The rule set (NN)  If OA un-changes and FP un-changes, then the feature is secondary.  Really! Doesn’t make sense.

  36. Comment nts  Section: Delete features one by one (NN)  How to select which feature to remove is not clear.  The chart is not complete.  Section: Summary and Conclusions  They claim something that we cannot verify with the existing information.  Contradicting conclusions:  Somewhere in conclusions, “The performances of using the important features do not show significant differences to that of using all 41 features.”  Finally, It is a good concept of the elimination of unimportant features to make the more robust and faster.

  37. Questions & Answers

  38. Thank you!

Recommend

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be bad Anomaly intrusion detection Try to detect deviations from normal behavior Specification intrusion detection Try to detect

627 views • 15 slides
Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Architecture of an IDS Organization Incident Response Slide #22-1 FEARLESS engineering Principles of Intrusion Detection

744 views • 40 slides
Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Organization Incident Response June 2, 2005 ECS 235, Computer and Information Slide #1 Security Principles of

1.38k views • 104 slides
Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion Detection Systems Tripwire Snort 2 IDS (Definition) Intrusion Detection is the process of monitoring the events occurring in a computer

571 views • 30 slides
Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection solution is impossible Good behavior on one system is bad behavior on another Behaviors change and new vulnerabilities are discovered

700 views • 23 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236 systems Computer Software Some sample intrusion detection March 12, 2007 systems Lecture 14 Lecture 14 Page 1 Page 2 CS 236, Winter 2007

537 views • 10 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239 systems Computer Software Some sample intrusion detection March 9, 2005 systems Lecture 15 Lecture 15 Page 1 Page 2 CS 239, Winter 2005

602 views • 12 slides
Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative

Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative

Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative submittal instructions submittal instructions answer the lab assignments questions in written report form, as a text, pdf, or Word document

504 views • 21 slides
Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing

Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing

Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing with Intruders Detecting Intruders Principles of Intrusions and IDS The IDS Taxonomy Chapter 13 Using Rules and Thresholds for

297 views • 7 slides
Press intrusion. Identifying similar words with different connotations What is press intrusion?

Press intrusion. Identifying similar words with different connotations What is press intrusion?

Topic 12: Press intrusion. Identifying similar words with different connotations What is press intrusion? Press intrusion is an issue which has many stances, often depending on whether you are a member of the press or have been on the receiving

602 views • 9 slides
Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 11 Page 1 CS 236 Online Outline Introduction Characteristics of intrusion detection systems Some sample intrusion detection

143 views • 12 slides
Signature Based Intrusion Detection Systems Philip Chan CS 598 MCC Spring 2013 Intrusion

Signature Based Intrusion Detection Systems Philip Chan CS 598 MCC Spring 2013 Intrusion

Signature Based Intrusion Detection Systems Philip Chan CS 598 MCC Spring 2013 Intrusion Detection Systems Detect malicious Raise alarms activities/attacks Alert administrators Hacking/ unauthorized access Trigger defense

217 views • 21 slides
Network Intrusion Detection & Forensics with Bro Matthias Vallentin vallentin@berkeley.edu

Network Intrusion Detection & Forensics with Bro Matthias Vallentin vallentin@berkeley.edu

Network Intrusion Detection & Forensics with Bro Matthias Vallentin vallentin@berkeley.edu BERKE1337 March 3, 2016 Outline 1. Intrusion Detection 101 2. Bro 3. Network Forensics Exercises 1 / 29 Detection vs. Blocking Intrusion

432 views • 32 slides
Intrusion Prevention and Detection in Grid computing - The ALICE Case 21st International

Intrusion Prevention and Detection in Grid computing - The ALICE Case 21st International

Intrusion Prevention and Detection in Grid computing - The ALICE Case 21st International Conference on Computing in High Energy and Nuclear Physics Outline: Introduction Threat model Intrusion prevention Intrusion detection

420 views • 16 slides
Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots

Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots

ITS335 Intrusion Detection Intruders Intrusion Detection Host-Based Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots Summary Sirindhorn International Institute of Technology Thammasat University

585 views • 30 slides
Optimising the resource utilisation in high-speed network intrusion detection systems. Gerald

Optimising the resource utilisation in high-speed network intrusion detection systems. Gerald

Optimising the resource utilisation in high-speed network intrusion detection systems. Gerald Tripp www.kent.ac.uk Network intrusion detection Network intrusion detection systems are provided to detect the presence of various security

260 views • 12 slides
Automobile Intrusion Detection Jun Li Twitter @bravo_fighter UnicornTeam Qihoo360 2 What

Automobile Intrusion Detection Jun Li Twitter @bravo_fighter UnicornTeam Qihoo360 2 What

Automobile Intrusion Detection Jun Li Twitter @bravo_fighter UnicornTeam Qihoo360 2 What this talk is about? Automotive intrusion detection Automotive cyber-security architecture From the highest viewpoint J 3 Outline Quick

926 views • 63 slides
Intrusion Detection Computer Security Peter Reiher November 18, 2014 Lecture 11 Page 1 CS

Intrusion Detection Computer Security Peter Reiher November 18, 2014 Lecture 11 Page 1 CS

Intrusion Detection Computer Security Peter Reiher November 18, 2014 Lecture 11 Page 1 CS 136, Fall 2014 Outline Introduction Characteristics of intrusion detection systems Some sample intrusion detection systems Lecture 11

737 views • 63 slides
Moving Target Defense for the Placement of Intrusion Detection Systems in the Cloud Sailik

Moving Target Defense for the Placement of Intrusion Detection Systems in the Cloud Sailik

Moving Target Defense for the Placement of Intrusion Detection Systems in the Cloud Sailik Sengupta, Ankur Chowdhary, Subbarao Kambhampati Dijiang Huang SNAC Secure Networking and Yochan AI Lab Computing Lab Intrusion Detection Systems?

681 views • 38 slides
Intrusion Detection W enke Lee Com puter Science Departm ent Colum bia University Intrusion and

Intrusion Detection W enke Lee Com puter Science Departm ent Colum bia University Intrusion and

Intrusion Detection W enke Lee Com puter Science Departm ent Colum bia University Intrusion and Computer Security Com puter security: confidentiality, integrity, and availability Intrusion: actions to com prom ise security W hy

1.09k views • 63 slides
Authorization: Intrusion Detection Prof. Tom Austin San Jos State University Prevention vs.

Authorization: Intrusion Detection Prof. Tom Austin San Jos State University Prevention vs.

CS 166: Information Security Authorization: Intrusion Detection Prof. Tom Austin San Jos State University Prevention vs. Detection Most systems we've discussed focus on keeping the bad guys out. Intrusion prevention is a traditional

479 views • 34 slides
Histological Features of Cells and Identifying Epithelia What well talk about

Histological Features of Cells and Identifying Epithelia What well talk about

Histological Features of Cells and Identifying Epithelia What well talk about Preparation of samples for histological analysis Identifying key cellular features and structures Classification of epithelia Identifying features

483 views • 33 slides
Intrusion Detection Using Monitor Information Fusion Student: Atul Bohara P.I.: William H.

Intrusion Detection Using Monitor Information Fusion Student: Atul Bohara P.I.: William H.

Intrusion Detection Using Monitor Information Fusion Student: Atul Bohara P.I.: William H. Sanders Previous Work [1] Intrusion detection by combining and clustering diverse monitor data System Logs Firewall Logs Feature extraction Cluster

527 views • 49 slides
Perimeter Intrusion Detection Mikro Tek Detection Technologies Ltd | +44 (0) 1773 744750 |

Perimeter Intrusion Detection Mikro Tek Detection Technologies Ltd | +44 (0) 1773 744750 |

Perimeter Intrusion Detection Mikro Tek Detection Technologies Ltd | +44 (0) 1773 744750 | info@detection-technologies.com | www.detection-technologies.com Mikro Tek Key Advantages One analyzer - up to 300m detection range! A single Mikro Tek

874 views • 6 slides

More recommend