PDF Editor
PDF Converter
Image Converter
Video Converter
Audio Converter
File Compressor
identifying important features for intrusion detection

Identifying Important Features for Intrusion Detection Using - PowerPoint PPT Presentation

Jun 21, 2023 •411 likes •802 views

Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks Objective The dataset Ranking the significance of inputs The Algorithms Performance metrics for support vector machines

  1. Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks

  2.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  3. Ob Object ective • Example models to detect intrusion • Support vector machine • Neural Network • Simplify the model to make it faster and more accurate

  4. How t ow to simplify t the m model el • Elimination of the useless features • Rank the importance of input features • Using a reduced number of features can deliver enhanced or comparable performance

  5.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  6. Dataset et  In 1998 by Defense Advanced Research Projects Agency (DARPA)  Originated from MIT’s Lincoln Lab  Raw TCP/IP dump  The LAN was operated like a true environment  Considered a benchmark for intrusion detection evaluations

  7. Dataset et  Data size: 494021 examples  20% of those examples are normal  Number of features: 41  Five possible classes  Normal  DOS: denial of service  R2L: unauthorized access from a remote machine  U2R: unauthorized access to local super user (root) privileges  Probing: surveillance and other probing

  8.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  9. Approa oach ch  Build the model and check the performance using all features  Delete one feature at a time  Build the model again, and verify the performance of the new model with the previous one.

  10. The Algorithm  Delete one input feature from the (training and testing) data  Use the resultant data set for training and testing the classifier  Analyze the results of the classifier, using the performance metrics  Rank the importance of the feature according to the rules  Repeat steps 1 to 4 for each of the input features

  11.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  12. Perfor ormance m ce metr trics cs f for s suppor ort v t vector or machines • Ranks the importance of the 41 features in SVM-based IDS. • Possible ranks for each feature • Important • Secondary • Insignificant

  13. Perfor ormance m ce metr trics cs f for s suppor ort v t vector or mach chin ines ( (SVM) • Ranks based on three Performance criteria • Accuracy of classification • Training Time • Testing time • There are total 10 possible rules for support vector machine

  14. The rule set (SVM)  If accuracy decreases and training time increases and testing time decreases, then the feature is important  If accuracy decreases and training time increases and testing time increases, then the feature is important  If accuracy decreases and training time decreases and testing time increases, then the feature is important

  15. The rule set (SVM) • If accuracy unchanges and training time increases and testing time increases, then the feature is important • If accuracy unchanges and training time decreases and testing time increases, then the feature is secondary • If accuracy unchanges and training time increases and testing time decreases, then the feature is secondary • If accuracy unchanges and training time decreases and testing time decreases, then the feature is insignificant

  16. The rule set (SVM) • If accuracy increases and training time increases and testing time decreases, then the feature is secondary • If accuracy increases and training time decreases and testing time increases, then the feature is secondary • If accuracy increases and training time decreases and testing time decreases, then the feature is insignificant

  17.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  18. Perfor ormance m ce metr trics cs f for n neural n networ orks ( (NN)  Three performance criteria  Overall accuracy (OA) of classification  False positive (FP) rate  False negative (FN) rate  Possible ranks for the feature  Important  Secondary  Insignificant

  19. The rule set (NN)  If OA increases and FP decreases and FN decreases, then the feature is unimportant  If OA increases and FP increases and FN decreases, then the feature is unimportant  If OA decreases and FP increases and FN increases, then the feature is important  If OA decreases and FP decreases and FN increases, then the feature is important  If OA un-changes and FP un-changes, then the feature is secondary

  20. Little i introduction of t the author r & the paper  The paper was published in 2003  Number of citations until today is 493  Srinivas Mukkamala  University of Southern Mississippi  Network security, computational intelligence  Andrew H. Sung  New Mexico Institute of Mining and Technology  Machine learning, classification, Neural networks, pattern recognition

  21.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  22. SVM c characteristi tics cs • SVM is a binary classifier • Needs five models to classify the five classes • Important features can be different for each model

  24. Per erformance s statis tistics ics w with th 4 40 f fea eatures.

  28.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  29. Neural N Netw twor ork • Consists of a collection of processing elements. • Highly interconnected and transform a set of desired outputs. • Multiple classes can be classified. • Transformation is determined by the characteristics of the elements and the weights associated with the interconnections among them.

  30. Del elete f fea eatures on one b by one ( (NN)

  32.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  33. Su Summary an and Co Conclusi sions • Important features gives the most remarkable performance in terms of training time. • The most important features for the two classes of ‘Normal’ and ‘DOS’ heavily overlap • ‘U2Su’ and ‘R2L’, the two smallest classes representing the most serious attacks, each has a small number of important features and a large number of secondary features

  34.  Objective  The dataset  Ranking the significance of inputs  The Algorithms  Performance metrics for support vector machines  Performance metrics for neural networks  Experiments  Experiments using support vector machines  Experiments using neural networks  Summary & conclusions  Comments

  35. Co Comments  Section: The rule set (SVM)  If accuracy decreases and training time decreases and testing time decrease , then the feature is …  If accuracy increases and training time increase and testing time increase, then the feature is …  Section: The rule set (NN)  If OA un-changes and FP un-changes, then the feature is secondary.  Really! Doesn’t make sense.

  36. Comment nts  Section: Delete features one by one (NN)  How to select which feature to remove is not clear.  The chart is not complete.  Section: Summary and Conclusions  They claim something that we cannot verify with the existing information.  Contradicting conclusions:  Somewhere in conclusions, “The performances of using the important features do not show significant differences to that of using all 41 features.”  Finally, It is a good concept of the elimination of unimportant features to make the more robust and faster.

  37. Questions & Answers

  38. Thank you!

Recommend

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be bad Anomaly intrusion detection Try to detect deviations from normal behavior Specification intrusion detection Try to detect

627 views • 15 slides
IT INTRUSION IT INTRUSION FinFisher Product Suite IT INTRUSION IT INTRUSION FinFisher

IT INTRUSION IT INTRUSION FinFisher Product Suite IT INTRUSION IT INTRUSION FinFisher

IT INTRUSION IT INTRUSION FinFisher Product Suite IT INTRUSION IT INTRUSION FinFisher Product Suite FinFisher Product Suite FinFisher Product Suite Usage Usage Information Gathering Information Gathering PC Surveillance

639 views • 39 slides
Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Architecture of an IDS Organization Incident Response Slide #22-1 FEARLESS engineering Principles of Intrusion Detection

745 views • 40 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236 systems Computer Software Some sample intrusion detection March 12, 2007 systems Lecture 14 Lecture 14 Page 1 Page 2 CS 236, Winter 2007

537 views • 10 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239 systems Computer Software Some sample intrusion detection March 9, 2005 systems Lecture 15 Lecture 15 Page 1 Page 2 CS 239, Winter 2005

602 views • 12 slides
Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion Detection Systems Tripwire Snort 2 IDS (Definition) Intrusion Detection is the process of monitoring the events occurring in a computer

571 views • 30 slides
Press intrusion. Identifying similar words with different connotations What is press intrusion?

Press intrusion. Identifying similar words with different connotations What is press intrusion?

Topic 12: Press intrusion. Identifying similar words with different connotations What is press intrusion? Press intrusion is an issue which has many stances, often depending on whether you are a member of the press or have been on the receiving

602 views • 9 slides
Intrusion Detection W enke Lee Com puter Science Departm ent Colum bia University Intrusion and

Intrusion Detection W enke Lee Com puter Science Departm ent Colum bia University Intrusion and

Intrusion Detection W enke Lee Com puter Science Departm ent Colum bia University Intrusion and Computer Security Com puter security: confidentiality, integrity, and availability Intrusion: actions to com prom ise security W hy

1.09k views • 63 slides
Network Intrusion Detection & Forensics with Bro Matthias Vallentin vallentin@berkeley.edu

Network Intrusion Detection & Forensics with Bro Matthias Vallentin vallentin@berkeley.edu

Network Intrusion Detection & Forensics with Bro Matthias Vallentin vallentin@berkeley.edu BERKE1337 March 3, 2016 Outline 1. Intrusion Detection 101 2. Bro 3. Network Forensics Exercises 1 / 29 Detection vs. Blocking Intrusion

432 views • 32 slides
Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative

Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative

Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative submittal instructions submittal instructions answer the lab assignments questions in written report form, as a text, pdf, or Word document

504 views • 21 slides
Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots

Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots

ITS335 Intrusion Detection Intruders Intrusion Detection Host-Based Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots Summary Sirindhorn International Institute of Technology Thammasat University

585 views • 30 slides
Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 11 Page 1 CS 236 Online Outline Introduction Characteristics of intrusion detection systems Some sample intrusion detection

144 views • 12 slides
Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing

Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing

Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing with Intruders Detecting Intruders Principles of Intrusions and IDS The IDS Taxonomy Chapter 13 Using Rules and Thresholds for

297 views • 7 slides
Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection solution is impossible Good behavior on one system is bad behavior on another Behaviors change and new vulnerabilities are discovered

700 views • 23 slides
Optimising the resource utilisation in high-speed network intrusion detection systems. Gerald

Optimising the resource utilisation in high-speed network intrusion detection systems. Gerald

Optimising the resource utilisation in high-speed network intrusion detection systems. Gerald Tripp www.kent.ac.uk Network intrusion detection Network intrusion detection systems are provided to detect the presence of various security

260 views • 12 slides
Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Organization Incident Response June 2, 2005 ECS 235, Computer and Information Slide #1 Security Principles of

1.38k views • 104 slides
AlphaD3M Machine Learning Pipeline Synthesis Iddo Drori, Yamuna Krishnamurthy, Remi Rampin, Raoni

AlphaD3M Machine Learning Pipeline Synthesis Iddo Drori, Yamuna Krishnamurthy, Remi Rampin, Raoni

AlphaD3M Machine Learning Pipeline Synthesis Iddo Drori, Yamuna Krishnamurthy, Remi Rampin, Raoni de Paula Lourenco, Jorge Piazentin Ono, Kyunghyun Cho, Claudio Silva, Juliana Freire International Workshop on Automatic Machine Learning, ICML,

421 views • 26 slides
The Federal Science Investment: Berkeley Labs Roll in the Nations Innovation Ecosystem Don

The Federal Science Investment: Berkeley Labs Roll in the Nations Innovation Ecosystem Don

The Federal Science Investment: Berkeley Labs Roll in the Nations Innovation Ecosystem Don Medley Head of Federal Government Relations Lawrence Berkeley National Laboratory Community Advisory Group September 10, 2012 Science Drives

228 views • 21 slides
Webinar: NEH Summer Stipends Program Thank you for joining us for this webinar about the NEH

Webinar: NEH Summer Stipends Program Thank you for joining us for this webinar about the NEH

Webinar: NEH Summer Stipends Program Thank you for joining us for this webinar about the NEH Summer Stipends program. This is an opportunity to find out more about the program, and to ask questions. The guidelines have just been posted and

505 views • 21 slides
Fall 2013: Funding Success with the Department of Defense Presentation 3:30 pm Panel Discussion

Fall 2013: Funding Success with the Department of Defense Presentation 3:30 pm Panel Discussion

Research Development Quarterly Workshop Series Fall 2013: Funding Success with the Department of Defense Presentation 3:30 pm Panel Discussion 4:00 pm October 17, 2013 Randal Berg, MBA, PhD Assistant Director of Research Development School

531 views • 19 slides
Hidden Subgroup Hidden Subgroup Def. A Map is said to have A Map

Hidden Subgroup Hidden Subgroup Def. A Map is said to have A Map

Continuous Quantum Continuous Quantum Hidden Subgroup Hidden Subgroup Algorithms Algorithms This work is in collaboration with This work is in collaboration with Samuel J. Lomonaco, Jr. Louis H. Kauffman Louis H. Kauffman Dept. of Comp.

317 views • 12 slides
MD.MFP Dual Use Technology Briefing Larry Herriman, Assistant Executive Director of the

MD.MFP Dual Use Technology Briefing Larry Herriman, Assistant Executive Director of the

MD.MFP Dual Use Technology Briefing Larry Herriman, Assistant Executive Director of the Macomb-OU INCubator Director of the Michigan DARPA Matching Funds Program April 10, 2013 MD.MFP DARPA Organizational Overview 2 MD.MFP What is DARPA?

225 views • 21 slides
High Assu ssurance ce Modeling and Rapid En Engineering (HAM HAMR) R) for Embedded Syst

High Assu ssurance ce Modeling and Rapid En Engineering (HAM HAMR) R) for Embedded Syst

High Assu ssurance ce Modeling and Rapid En Engineering (HAM HAMR) R) for Embedded Syst ystems s AADL Tool Expo October 28, 2019 Robby Jason Belt, John Hatcliff Hariharan Thiagarajan Professor University Distinguished Professor

714 views • 27 slides
MARKET SEGMENTATION FOR ENHANCED BUSINESS DEVELOPMENT ACQUISITION HOUR WEBINAR March 17, 2020

MARKET SEGMENTATION FOR ENHANCED BUSINESS DEVELOPMENT ACQUISITION HOUR WEBINAR March 17, 2020

MARKET SEGMENTATION FOR ENHANCED BUSINESS DEVELOPMENT ACQUISITION HOUR WEBINAR March 17, 2020 3/17/20 WEBINAR ETIQUETTE PLEASE Log into the GoToMeeting session with the name that you registered with online Place your phone or computer

928 views • 53 slides

More recommend

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2025 SAMBUZ, All right reserved.