Automatic Feature Construction for Network Intrusion Detection

Binh Tran; Stjepan Picek; Bing Xue

doi:10.1007/978-3-319-68759-9_46

Automatic Feature Construction for Network Intrusion Detection

Binh Tran, Stjepan Picek, Bing Xue^*

^*Corresponding author for this work

Cyber Security

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

4 Citations (Scopus)

Abstract

The notion of cyberspace became impossible to separate from the notions of cyber threat and cyberattack. Since cyberattacks are getting easier to run, they are also becoming more serious threats from the economic damage perspective. Consequently, we are evident of a continuous adversarial relationship between the attackers trying to mount as powerful as possible attacks and defenders trying to stop the attackers in their goals. To defend against such attacks, defenders have at their disposal a plethora of techniques but they are often falling behind the attackers due to the fact that they need to protect the whole system while the attacker needs to find only a single weakness to exploit. In this paper, we consider one type of a cyberattack – network intrusion – and investigate how to use feature construction via genetic programming in order to improve the intrusion detection accuracy. The obtained results show that feature construction offers improvements in a number of tested scenarios and therefore should be considered as an important step in defense efforts. Such improvements are especially apparent in scenario with the highly unbalanced data, which also represents the most interesting case from the defensive perspective.

Original language	English
Title of host publication	Simulated Evolution and Learning
Subtitle of host publication	11th International Conference SEAL 2017 Proceedings
Editors	Y. Shi, K.C. Tan, M. Zhang, K. Tang, X. Li, Q. Zhang, Y. Tan, M. Middendorf, Y. Jin
Place of Publication	Cham
Publisher	Springer
Pages	569-580
Number of pages	12
ISBN (Electronic)	978-3-319-68759-9
ISBN (Print)	978-3-319-68758-2
DOIs	https://doi.org/10.1007/978-3-319-68759-9_46
Publication status	Published - 2017
Event	11th International Conference on Simulated Evolution and Learning, SEAL 2017: Asia-Pacific Conference on Simulated Evolution and Learning - Shenzhen, China Duration: 10 Nov 2017 → 13 Nov 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher	Springer
Volume	10593
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	11th International Conference on Simulated Evolution and Learning, SEAL 2017
Country/Territory	China
City	Shenzhen
Period	10/11/17 → 13/11/17

Access to Document

10.1007/978-3-319-68759-9_46

Cite this

Tran, B., Picek, S., & Xue, B. (2017). Automatic Feature Construction for Network Intrusion Detection. In Y. Shi, K. C. Tan, M. Zhang, K. Tang, X. Li, Q. Zhang, Y. Tan, M. Middendorf, & Y. Jin (Eds.), Simulated Evolution and Learning : 11th International Conference SEAL 2017 Proceedings (pp. 569-580). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10593 ). Springer. https://doi.org/10.1007/978-3-319-68759-9_46

Tran, Binh ; Picek, Stjepan ; Xue, Bing. / Automatic Feature Construction for Network Intrusion Detection. Simulated Evolution and Learning : 11th International Conference SEAL 2017 Proceedings. editor / Y. Shi ; K.C. Tan ; M. Zhang ; K. Tang ; X. Li ; Q. Zhang ; Y. Tan ; M. Middendorf ; Y. Jin. Cham : Springer, 2017. pp. 569-580 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{d3e1a09c667c4b1ab4ada1f82d3ffd9a,

title = "Automatic Feature Construction for Network Intrusion Detection",

abstract = "The notion of cyberspace became impossible to separate from the notions of cyber threat and cyberattack. Since cyberattacks are getting easier to run, they are also becoming more serious threats from the economic damage perspective. Consequently, we are evident of a continuous adversarial relationship between the attackers trying to mount as powerful as possible attacks and defenders trying to stop the attackers in their goals. To defend against such attacks, defenders have at their disposal a plethora of techniques but they are often falling behind the attackers due to the fact that they need to protect the whole system while the attacker needs to find only a single weakness to exploit. In this paper, we consider one type of a cyberattack – network intrusion – and investigate how to use feature construction via genetic programming in order to improve the intrusion detection accuracy. The obtained results show that feature construction offers improvements in a number of tested scenarios and therefore should be considered as an important step in defense efforts. Such improvements are especially apparent in scenario with the highly unbalanced data, which also represents the most interesting case from the defensive perspective.",

author = "Binh Tran and Stjepan Picek and Bing Xue",

year = "2017",

doi = "10.1007/978-3-319-68759-9_46",

language = "English",

isbn = "978-3-319-68758-2",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "569--580",

editor = "Y. Shi and K.C. Tan and M. Zhang and K. Tang and X. Li and Q. Zhang and Y. Tan and M. Middendorf and Y. Jin",

booktitle = "Simulated Evolution and Learning",

note = "11th International Conference on Simulated Evolution and Learning, SEAL 2017 : Asia-Pacific Conference on Simulated Evolution and Learning ; Conference date: 10-11-2017 Through 13-11-2017",

}

Tran, B, Picek, S & Xue, B 2017, Automatic Feature Construction for Network Intrusion Detection. in Y Shi, KC Tan, M Zhang, K Tang, X Li, Q Zhang, Y Tan, M Middendorf & Y Jin (eds), Simulated Evolution and Learning : 11th International Conference SEAL 2017 Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10593 , Springer, Cham, pp. 569-580, 11th International Conference on Simulated Evolution and Learning, SEAL 2017, Shenzhen, China, 10/11/17. https://doi.org/10.1007/978-3-319-68759-9_46

Automatic Feature Construction for Network Intrusion Detection. / Tran, Binh; Picek, Stjepan; Xue, Bing.
Simulated Evolution and Learning : 11th International Conference SEAL 2017 Proceedings. ed. / Y. Shi; K.C. Tan; M. Zhang; K. Tang; X. Li; Q. Zhang; Y. Tan; M. Middendorf; Y. Jin. Cham: Springer, 2017. p. 569-580 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10593 ).

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Automatic Feature Construction for Network Intrusion Detection

AU - Tran, Binh

AU - Picek, Stjepan

AU - Xue, Bing

PY - 2017

Y1 - 2017

N2 - The notion of cyberspace became impossible to separate from the notions of cyber threat and cyberattack. Since cyberattacks are getting easier to run, they are also becoming more serious threats from the economic damage perspective. Consequently, we are evident of a continuous adversarial relationship between the attackers trying to mount as powerful as possible attacks and defenders trying to stop the attackers in their goals. To defend against such attacks, defenders have at their disposal a plethora of techniques but they are often falling behind the attackers due to the fact that they need to protect the whole system while the attacker needs to find only a single weakness to exploit. In this paper, we consider one type of a cyberattack – network intrusion – and investigate how to use feature construction via genetic programming in order to improve the intrusion detection accuracy. The obtained results show that feature construction offers improvements in a number of tested scenarios and therefore should be considered as an important step in defense efforts. Such improvements are especially apparent in scenario with the highly unbalanced data, which also represents the most interesting case from the defensive perspective.

AB - The notion of cyberspace became impossible to separate from the notions of cyber threat and cyberattack. Since cyberattacks are getting easier to run, they are also becoming more serious threats from the economic damage perspective. Consequently, we are evident of a continuous adversarial relationship between the attackers trying to mount as powerful as possible attacks and defenders trying to stop the attackers in their goals. To defend against such attacks, defenders have at their disposal a plethora of techniques but they are often falling behind the attackers due to the fact that they need to protect the whole system while the attacker needs to find only a single weakness to exploit. In this paper, we consider one type of a cyberattack – network intrusion – and investigate how to use feature construction via genetic programming in order to improve the intrusion detection accuracy. The obtained results show that feature construction offers improvements in a number of tested scenarios and therefore should be considered as an important step in defense efforts. Such improvements are especially apparent in scenario with the highly unbalanced data, which also represents the most interesting case from the defensive perspective.

UR - http://www.scopus.com/inward/record.url?scp=85034219055&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-68759-9_46

DO - 10.1007/978-3-319-68759-9_46

M3 - Conference contribution

AN - SCOPUS:85034219055

SN - 978-3-319-68758-2

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 569

EP - 580

BT - Simulated Evolution and Learning

A2 - Shi, Y.

A2 - Tan, K.C.

A2 - Zhang, M.

A2 - Tang, K.

A2 - Li, X.

A2 - Zhang, Q.

A2 - Tan, Y.

A2 - Middendorf, M.

A2 - Jin, Y.

PB - Springer

CY - Cham

T2 - 11th International Conference on Simulated Evolution and Learning, SEAL 2017

Y2 - 10 November 2017 through 13 November 2017

ER -

Tran B, Picek S, Xue B. Automatic Feature Construction for Network Intrusion Detection. In Shi Y, Tan KC, Zhang M, Tang K, Li X, Zhang Q, Tan Y, Middendorf M, Jin Y, editors, Simulated Evolution and Learning : 11th International Conference SEAL 2017 Proceedings. Cham: Springer. 2017. p. 569-580. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-68759-9_46

Automatic Feature Construction for Network Intrusion Detection

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this