DOI: 10.1371/journal.pone.0166017
Title:
Feature Selection Using Information Gain for Improved Structural-Based Alert Correlation
Authors: Taqwa Ahmed Alhaj; Maheyzah Md Siraj; Anazida Zainal; Huwaida Tagelsir Elshoush; Fatin Elhaj
Journal: PLOS ONE
ISSN: 1932-6203
Publication year: 2016
Publication date: 2016-11-28
Volume: 11, Issue: 11
Language: English
Keywords: Algorithms; Clustering algorithms; Entropy; Computer networks; Computer security; Flooding; Network analysis; Principal component analysis
Abstract: Grouping and clustering alerts for intrusion detection based on the similarity of features is referred to as structural-based alert correlation and can discover a list of attack steps. Previous researchers selected different features and data sources manually based on their knowledge and experience, which led to the less accurate identification of attack steps and inconsistent performance of clustering accuracy. Furthermore, the existing alert correlation systems deal with a huge amount of data that contains null values, incomplete information, and irrelevant features, causing the analysis of the alerts to be tedious, time-consuming and error-prone. Therefore, this paper focuses on selecting accurate and significant features of alerts that are appropriate to represent the attack steps, thus enhancing the structural-based alert correlation model. A two-tier feature selection method is proposed to obtain the significant features. The first tier aims at ranking the subset of features based on high information gain entropy in decreasing order. The second tier extends additional features with a better discriminative ability than the initially ranked features. Performance analysis results show the significance of the selected features in terms of the clustering accuracy using 2000 DARPA intrusion detection scenario-specific dataset.
URL: http://journals.plos.org/plosone/article/file?id=10.1371/journal.pone.0166017&type=printable
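Resource type: Journal article
Identifier: http://119.78.100.158/handle/2HF3EXSE/25500
Appears in Collections: Reconstruction of Past Global Changes
Impacts, Adaptation and Vulnerability
Scientific Plans and Programs
Climate Change and Strategy
International Research Programs on Global Change
Climate Mitigation and Adaptation
Climate Change Facts and Impacts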

Files in This Item:
File Name/File Size: journal.pone.0166017.pdf (3545KB)
Content Type: Journal article
Version: Author accepted manuscript
Access: Open access

Author affiliations: Information Assurance and Security Research Group, Faculty of Computing, Universiti Teknologi Malaysia, UTM, Johor Bahru, Johor, Malaysia; Information Assurance and Security Research Group, Faculty of Computing, Universiti Teknologi Malaysia, UTM, Johor Bahru, Johor, Malaysia; Information Assurance and Security Research Group, Faculty of Computing, Universiti Teknologi Malaysia, UTM, Johor Bahru, Johor, Malaysia; Faculty of Mathematical Sciences, University of Khartoum, Khartoum, Sudan; Information Assurance and Security Research Group, Faculty of Computing, Universiti Teknologi Malaysia, UTM, Johor Bahru, Johor, Malaysia

Recommended Citation:
Taqwa Ahmed Alhaj,Maheyzah Md Siraj,Anazida Zainal,et al. Feature Selection Using Information Gain for Improved Structural-Based Alert Correlation[J]. PLOS ONE,2016-01-01,11(11)

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.