DocumentCode
1820021
Title
Handling nominal features in anomaly intrusion detection problems
Author
Shyu, Mei-Ling ; Sarinnapakorn, Kanoksri ; Kuruppu-Appuhamilage, Indika ; Chen, Shu-Ching ; Chang, LiWu ; Goldring, Thomas
Author_Institution
Dept. of Electr. & Comput. Eng., Miami Univ., Coral Gables, FL, USA
fYear
2005
fDate
3-4 April 2005
Firstpage
55
Lastpage
62
Abstract
Computer network data stream used in intrusion detection usually involve many data types. A common data type is that of symbolic or nominal features. Whether being coded into numerical values or not, nominal features need to be treated differently from numeric features. This paper studies the effectiveness of two approaches in handling nominal features: a simple coding scheme via the use of indicator variables and a scaling method based on multiple correspondence analysis (MCA). In particular, we apply the techniques with two anomaly detection methods: the principal component classifier (PCC) and the Canberra metric. The experiments with KDD 1999 data demonstrate that MCA works better than the indicator variable approach for both detection methods with the PCC coming much ahead of the Canberra metric.
Keywords
computer network management; data mining; principal component analysis; security of data; Canberra metric; KDD 1999 data; anomaly intrusion detection problems; computer network data stream; data type; indicator variables; multiple correspondence analysis; nominal features; principal component classifier; simple coding scheme; symbolic features; Application software; Computer networks; Computer science; Data mining; Feature extraction; Intrusion detection; Laboratories; National security; Telecommunication traffic; Traffic control; Anomaly detection; indicator variables; intrusion detection; multiple correspondence analysis; nominal features; principal component classifier;
fLanguage
English
Publisher
ieee
Conference_Titel
Research Issues in Data Engineering: Stream Data Mining and Applications, 2005. RIDE-SDMA 2005. 15th International Workshop on
ISSN
1097-8585
Print_ISBN
0-7695-2390-0
Type
conf
DOI
10.1109/RIDE.2005.10
Filename
1498231
Link To Document