Title :
Handling nominal features in anomaly intrusion detection problems
Author :
Shyu, Mei-Ling ; Sarinnapakorn, Kanoksri ; Kuruppu-Appuhamilage, Indika ; Chen, Shu-Ching ; Chang, LiWu ; Goldring, Thomas
Author_Institution :
Dept. of Electr. & Comput. Eng., Miami Univ., Coral Gables, FL, USA
Abstract :
Computer network data stream used in intrusion detection usually involve many data types. A common data type is that of symbolic or nominal features. Whether being coded into numerical values or not, nominal features need to be treated differently from numeric features. This paper studies the effectiveness of two approaches in handling nominal features: a simple coding scheme via the use of indicator variables and a scaling method based on multiple correspondence analysis (MCA). In particular, we apply the techniques with two anomaly detection methods: the principal component classifier (PCC) and the Canberra metric. The experiments with KDD 1999 data demonstrate that MCA works better than the indicator variable approach for both detection methods with the PCC coming much ahead of the Canberra metric.
Keywords :
computer network management; data mining; principal component analysis; security of data; Canberra metric; KDD 1999 data; anomaly intrusion detection problems; computer network data stream; data type; indicator variables; multiple correspondence analysis; nominal features; principal component classifier; simple coding scheme; symbolic features; Application software; Computer networks; Computer science; Data mining; Feature extraction; Intrusion detection; Laboratories; National security; Telecommunication traffic; Traffic control; Anomaly detection; indicator variables; intrusion detection; multiple correspondence analysis; nominal features; principal component classifier;
Conference_Titel :
Research Issues in Data Engineering: Stream Data Mining and Applications, 2005. RIDE-SDMA 2005. 15th International Workshop on
Print_ISBN :
0-7695-2390-0
DOI :
10.1109/RIDE.2005.10
