
A comparative study of use of Shannon, Rényi and Tsallis entropy for attribute selecting in network intrusion detection

3 Author(s)
Ferreira Lemos Lima, C. ; Dept. of Educ., Fed. Inst. of Maranhao, São Luís, Brazil ; Assis, F.M. ; de Souza, C.P.

Selecting optimal attributes from the set of all possible attributes of network traffic is the first step in detecting network intrusions. However, selecting an optimal attribute subset that optimizes the effectiveness of the intrusion detection procedure and decreases its complexity remains a challenge. In this context, the primary problem of attribute selection is the criterion used to evaluate a given attribute subset. This work presents an evaluation of the performance of Rényi and Tsallis entropy compared with Shannon entropy in obtaining an optimal attribute subset that increases the capability of the Intrusion Detection System to classify traffic as normal or as suspicious. In the experimental results, when small attribute subsets are used instead of all attributes, the detection accuracy and the false alarm rate remain almost the same or even improve, depending on the attack category (e.g. in the DoS and Probing attacks).

Published in:

Measurements and Networking Proceedings (M&N), 2011 IEEE International Workshop on

Date of Conference:

10-11 Oct. 2011
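The abstract names the three entropy measures but gives neither their formulas nor the selection procedure. The following is an added example, not code from the paper: it uses the standard definitions of Shannon, Rényi and Tsallis entropy and assumes an information-gain style criterion (label entropy minus its size-weighted entropy after splitting on an attribute). The attribute names, the parameter values alpha = 2 and q = 2, and the eight sample records are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

def shannon(p):
    return -sum(x * math.log2(x) for x in p if x > 0)

def renyi(p, alpha):  # alpha > 0, alpha != 1; tends to Shannon (bits) as alpha -> 1
    return math.log2(sum(x ** alpha for x in p if x > 0)) / (1 - alpha)

def tsallis(p, q):    # q != 1; tends to Shannon (nats) as q -> 1
    return (1 - sum(x ** q for x in p if x > 0)) / (q - 1)

def dist(labels):
    """Empirical probability distribution of a list of class labels."""
    return [c / len(labels) for c in Counter(labels).values()]

def gain(rows, attr, entropy):
    """Label entropy minus its size-weighted entropy after splitting on attr
    (assumed criterion; the abstract does not specify one)."""
    groups = defaultdict(list)
    for r in rows:
        groups[r[attr]].append(r["label"])
    before = entropy(dist([r["label"] for r in rows]))
    after = sum(len(g) / len(rows) * entropy(dist(g)) for g in groups.values())
    return before - after

def rank(rows, attrs, entropy):
    """Attributes ordered from most to least informative under `entropy`."""
    return sorted(attrs, key=lambda a: gain(rows, a, entropy), reverse=True)

# Constructed connection records (proto, flag, service, label); not the paper's data.
ATTRS = ["proto", "flag", "service"]
ROWS = [dict(zip(ATTRS + ["label"], t)) for t in [
    ("tcp", "S0", "http", "attack"), ("tcp", "S0", "http", "attack"),
    ("tcp", "S0", "http", "attack"), ("udp", "S0", "dns", "attack"),
    ("tcp", "SF", "http", "normal"), ("tcp", "SF", "smtp", "normal"),
    ("udp", "SF", "dns", "normal"), ("tcp", "SF", "smtp", "normal"),
]]

CRITERIA = {
    "shannon": shannon,
    "renyi(alpha=2)": lambda p: renyi(p, 2),
    "tsallis(q=2)": lambda p: tsallis(p, 2),
}

if __name__ == "__main__":
    for name, h in CRITERIA.items():
        scores = {a: round(gain(ROWS, a, h), 4) for a in ATTRS}
        print(f"{name:15s} ranking={rank(ROWS, ATTRS, h)} gains={scores}")
```

On this sample all three criteria agree on the ordering, but the gain magnitudes differ, so a fixed gain threshold would keep different subsets depending on the entropy used.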