A Method to Find Feature Set for Detecting Various Denial Service Attacks in Power Grid


  • Lee, DongHwi (Department of Information Security, Dongshin University) ;
  • Kim, Young-Dae (Department of Information Security, Dongshin University) ;
  • Park, Woo-Bin (Department of Information Security, Dongshin University) ;
  • Kim, Joon-Seok (Department of Information Security, Dongshin University) ;
  • Kang, Seung-Ho (Department of Information Security, Dongshin University)
  • Received : 2016.02.09
  • Accepted : 2016.04.25
  • Published : 2016.06.30

Abstract

The accuracy and efficiency of a network intrusion detection system based on machine learning, such as an artificial neural network, depend heavily on the features selected. However, choosing the optimal combination of features, one that guarantees both accuracy and efficiency, from the many features commonly used to detect network intrusions requires extensive computing resources. In this paper, we address the optimal feature selection problem of distinguishing the 6 denial-of-service attacks and normal usage provided in the NSL-KDD data. We propose an optimal feature selection algorithm based on the multi-start local search algorithm, one of the representative meta-heuristic algorithms for solving optimization problems. To evaluate the performance of the proposed algorithm, we compare it against the case in which all 41 features are used on the NSL-KDD data. In addition, we compare 3 well-known machine learning methods (multi-layer perceptron, Bayes classifier, and support vector machine) to find the one that performs best in combination with the proposed feature selection method.
