Handling Nominal Features in Anomaly Intrusion Detection Problems

Tokyo, Japan April 03-April 04

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/RIDE.2005.10

15th International Workshop on Resear ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Mei-Ling Shyu Articles by Kanoksri Sarinnapakorn Articles by Indika Kuruppu-Appuhamilage Articles by Shu-Ching Chen Articles by LiWu Chang Articles by Thomas Goldring

	ASCII Text	x
	Mei-Ling Shyu, Kanoksri Sarinnapakorn, Indika Kuruppu-Appuhamilage, Shu-Ching Chen, LiWu Chang, Thomas Goldring, "Handling Nominal Features in Anomaly Intrusion Detection Problems," Research Issues in Data Engineering, International Workshop on, pp. 55-62, 15th International Workshop on Research Issues in Data Engineering: Stream Data Mining and Applications (RIDE-SDMA'05), 2005.

	BibTex	x
	@article{ 10.1109/RIDE.2005.10, author = {Mei-Ling Shyu and Kanoksri Sarinnapakorn and Indika Kuruppu-Appuhamilage and Shu-Ching Chen and LiWu Chang and Thomas Goldring}, title = {Handling Nominal Features in Anomaly Intrusion Detection Problems}, journal ={Research Issues in Data Engineering, International Workshop on}, volume = {0}, year = {2005}, issn = {1097-8585}, pages = {55-62}, doi = {http://doi.ieeecomputersociety.org/10.1109/RIDE.2005.10}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Research Issues in Data Engineering, International Workshop on TI - Handling Nominal Features in Anomaly Intrusion Detection Problems SN - 1097-8585 SP55 EP62 A1 - Mei-Ling Shyu, A1 - Kanoksri Sarinnapakorn, A1 - Indika Kuruppu-Appuhamilage, A1 - Shu-Ching Chen, A1 - LiWu Chang, A1 - Thomas Goldring, PY - 2005 KW - Anomaly detection KW - intrusion detection KW - indicator variables KW - multiple correspondence analysis KW - nominal features KW - principal component classifier VL - 0 JA - Research Issues in Data Engineering, International Workshop on ER -

Mei-Ling Shyu, University of Miami

Kanoksri Sarinnapakorn, University of Miami

Indika Kuruppu-Appuhamilage, University of Miami

Shu-Ching Chen, Florida International University

LiWu Chang, Naval Research Laboratory

Thomas Goldring, National Security Agency

Computer network data stream used in intrusion detection usually involve many data types. A common data type is that of symbolic or nominal features. Whether being coded into numerical values or not, nominal features need to be treated differently from numeric features. This paper studies the effectiveness of two approaches in handling nominal features: a simple coding scheme via the use of indicator variables and a scaling method based on multiple correspondence analysis (MCA). In particular, we apply the techniques with two anomaly detection methods: the principal component classifier (PCC) and the Canberra metric. The experiments with KDD 1999 data demonstrate that MCA works better than the indicator variable approach for both detection methods with the PCC coming much ahead of the Canberra metric.

Index Terms:

Anomaly detection, intrusion detection, indicator variables, multiple correspondence analysis, nominal features, principal component classifier

Citation:

Mei-Ling Shyu, Kanoksri Sarinnapakorn, Indika Kuruppu-Appuhamilage, Shu-Ching Chen, LiWu Chang, Thomas Goldring, "Handling Nominal Features in Anomaly Intrusion Detection Problems," ride, pp.55-62, 15th International Workshop on Research Issues in Data Engineering: Stream Data Mining and Applications (RIDE-SDMA'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.