Title :
A comparative study of use of Shannon, Rényi and Tsallis entropy for attribute selecting in network intrusion detection
Author :
Lima, Christiane Ferreira Lemos ; Assis, Francisco M. ; De Souza, Cleonilson Protásio
Author_Institution :
Dept. of Educ., Fed. Inst. of Maranhao, São Luís, Brazil
Abstract :
The selection of optimal attributes from the set of all possible attributes of network traffic is the first step in detecting network intrusions. However, in order to optimize the effectiveness of the intrusion detection procedure and decrease its complexity, it is still a challenge to select an optimal attribute subset. In this context, the primary problem of attribute selection is the criterion used to evaluate a given attribute subset. In this work, an evaluation of the performance of Rényi and Tsallis entropy compared with Shannon entropy is presented, in order to obtain an optimal attribute subset that increases the capability of the Intrusion Detection System to classify the traffic as normal or as suspicious. In the experimental results, the detection accuracy and the false alarm rate remain almost the same or even become better, depending on the attack category (e.g. in the DoS and Probing attacks), when small attribute subsets are used compared with when all attributes are used.
Keywords :
computer network security; entropy; DoS attack; Rényi entropy; Shannon entropy; Tsallis entropy; attack category; attribute selection; detection accuracy; false alarm rate; intrusion detection procedure; intrusion detection system; network intrusion detection; network intrusions; network traffic; optimal attribute subset; optimal attributes; probing attack; Accuracy; Clustering algorithms; Decision trees; Entropy; Intrusion detection; Machine learning; Monitoring; Attribute selection; Rényi and Tsallis entropy; network intrusion detection;
Conference_Title :
Measurements and Networking Proceedings (M&N), 2011 IEEE International Workshop on
Conference_Location :
Anacapri
Print_ISBN :
978-1-4577-0455-0
DOI :
10.1109/IWMN.2011.6088496