Unsupervised Feature Selection Method for Intrusion Detection System

Ambusaidi, Mohammed A.; He, Xiangjian; Nanda, Priyadarsi

doi:10.1109/trustcom.2015.387

Cited by 20 publications

(9 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Note that ring -3 based Nighthawk is installing on the same platform and does the same introspection work [11]. Thus, we install the Kernel- [8], Hypervisor- [65] and SMM-based defender [66], and use the mpstate to monitor each CPU utilization. Here we test the CPU consumption with and without installing defenders.…”

Section: ) Comparisonmentioning

confidence: 99%

“…To avoid such malicious remote services, users can either passively trust the platform, supported by security-enhanced workers [3]- [5], or actively seek to validate the remote service environment [6], [7]. To enhance cloud computing security, providers such as IBM and Huawei have proposed a series of security rules based on existing protection protectionmechanism-e.g., a network intrusion detection system (NIDS) [8] and distributed antivirus software [9]. However, such security mechanisms are deployed at the kernel level in the remote target system, which may already be compromised by untrusted platform providers.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

RAitc: Securely Auditing the Remotely Executed Applications

2020

View full text Add to dashboard Cite

One of the most important security challenges in remote computing (e.g., cloud computing) is protecting users' applications running on the service platform from malicious attacks. Because remote users have little control over the platform, a malicious platform manager or platform-sharing guest acting as an adversary can easily create an untrustworthy execution environment. Prior studies have leveraged trusted third party (TTP)-based and trusted execution environment (TEE)-based approaches to mitigate such security issues, but these approaches still provide little transparency from the user's perspective. To address this challenge, we present a remote auditing approach based on an identified trust chain (RAitc) to analyze the correctness of remotely loaded applications. The chain is constructed with two goals: the first is to identify the remote platform to ensure that the user has a designated service system; the second is to build a trust chain from the user to the designated platform via verifiable computing-based module measurements and kernel-based application auditing. RAitc achieves a higher guarantee of safety in securely monitoring and verifying the integrity of remote applications executed by users. In addition, RAitc is both easier and more flexible for the extension of the trust base. Our implementation of RAitc protects users' remote execution environments while requiring an acceptable overhead on the target system in application auditing. We rigorously and comprehensively evaluated the effectiveness and performance of RAitc. The results show that RAitc performs effectively and has acceptable resource consumption.

show abstract

Section: ) Comparisonmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

RAitc: Securely Auditing the Remotely Executed Applications

2020

View full text Add to dashboard Cite

show abstract

“…The system has been evaluated on KDD Cup 99 and ISCX 2012 datasets and achieved promising detection accuracy of 99.95% and 90.12% respectively. However, current network traffic data, which are often huge in size, present a major challenge to IDSs [9]. These "big data" slow down the entire detection process and may lead to unsatisfactory classification accuracy due to the computational difficulties in handling such data.…”

Section: Introductionmentioning

confidence: 99%

Building an Intrusion Detection System Using a Filter-Based Feature Selection Algorithm

Ambusaidi

Nanda

et al. 2016

IEEE Trans. Comput.

Self Cite

510

241

View full text Add to dashboard Cite

Redundant and irrelevant features in data have caused a long-term problem in network traffic classification. These features not only slow down the process of classification but also prevent a classifier from making accurate decisions, especially when coping with big data. In this paper, we propose a mutual information based algorithm that analytically selects the optimal feature for classification. This mutual information based feature selection algorithm can handle linearly and nonlinearly dependent data features. Its effectiveness is evaluated in the cases of network intrusion detection. An Intrusion Detection System (IDS), named Least Square Support Vector Machine based IDS (LSSVM-IDS), is built using the features selected by our proposed feature selection algorithm. The performance of LSSVM-IDS is evaluated using three intrusion detection evaluation datasets, namely KDD Cup 99, NSL-KDD and Kyoto 2006+ dataset. The evaluation results show that our feature selection algorithm contributes more critical features for LSSVM-IDS to achieve better accuracy and lower computational cost compared with the state-of-the-art methods.

show abstract

“…Clustering-guided sparse structural learning (CGSSL) is proposed by integrating cluster analysis and sparse structural analysis into a joint framework and experimentally evaluated for the unsupervised feature selection problem [9]. M. A. Ambusaidi et al proposed an unsupervised feature selection algorithm, which is an enhancement over Laplacian score method [10].…”

Section: Introductionmentioning

confidence: 99%

A New Feature Selection Method Based on K-Nearest Neighbor Approach

Wang¹,

Zhang²,

Ma³

2017

Proceedings of the 2016 7th International Conference on Education, Management, Computer and Medicine (EMCM 2016)

View full text Add to dashboard Cite

Abstract. In many data analysis tasks, one is often confronted with very high dimensional data. Feature selection is an effective method to solve the problem with high dimensional data. The aim of feature selection is to reduce the number of features used in classification or recognition. This reduction is expected to improve the performance of classification and clustering algorithms in terms of speed, accuracy and simplicity. This paper proposes a new unsupervised feature selection algorithm which is based on K-nearest neighbor approach. The proposed algorithm evaluates the whole features according to the each sample in the dataset by the K-nearest neighbor approach. After that, the overall assessment is given based on the assessment of features for each sample. We evaluate the performance of the proposed unsupervised feature selection algorithm using the well-known UCI machine learning datasets , and the results illustrates the proposed algorithm is comparable with the traditional feature selection algorithm.

show abstract

Unsupervised Feature Selection Method for Intrusion Detection System

Cited by 20 publications

References 21 publications

RAitc: Securely Auditing the Remotely Executed Applications

RAitc: Securely Auditing the Remotely Executed Applications

Building an Intrusion Detection System Using a Filter-Based Feature Selection Algorithm

A New Feature Selection Method Based on K-Nearest Neighbor Approach

Contact Info

Product

Resources

About