Next Article in Journal
Learning a Hierarchical Global Attention for Image Classification
Next Article in Special Issue
From Mirrors to Free-Space Optical Communication—Historical Aspects in Data Transmission
Previous Article in Journal
Visualization, Interaction and Analysis of Heterogeneous Textbook Resources
Previous Article in Special Issue
Autonomous Navigation of a Solar-Powered UAV for Secure Communication in Urban Environments with Eavesdropping Avoidance
Article

A Local Feature Engineering Strategy to Improve Network Anomaly Detection

Department of Mathematics and Computer Science, University of Cagliari, 09124 Cagliari, Italy
*
Author to whom correspondence should be addressed.
This is an extended version of our paper accepted at the 12th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management, 2020.
These authors contributed equally to this work.
Future Internet 2020, 12(10), 177; https://doi.org/10.3390/fi12100177
Received: 10 September 2020 / Revised: 17 October 2020 / Accepted: 18 October 2020 / Published: 21 October 2020
The dramatic increase in devices and services that has characterized modern societies in recent decades, boosted by the exponential growth of ever faster network connections and the predominant use of wireless connection technologies, has materialized a very crucial challenge in terms of security. The anomaly-based intrusion detection systems, which for a long time have represented some of the most efficient solutions to detect intrusion attempts on a network, have to face this new and more complicated scenario. Well-known problems, such as the difficulty of distinguishing legitimate activities from illegitimate ones due to their similar characteristics and their high degree of heterogeneity, today have become even more complex, considering the increase in the network activity. After providing an extensive overview of the scenario under consideration, this work proposes a Local Feature Engineering (LFE) strategy aimed to face such problems through the adoption of a data preprocessing strategy that reduces the number of possible network event patterns, increasing at the same time their characterization. Unlike the canonical feature engineering approaches, which take into account the entire dataset, it operates locally in the feature space of each single event. The experiments conducted on real-world data showed that this strategy, which is based on the introduction of new features and the discretization of their values, improves the performance of the canonical state-of-the-art solutions. View Full-Text
Keywords: intrusion detection; anomaly detection; networking; data preprocessing; machine learning intrusion detection; anomaly detection; networking; data preprocessing; machine learning
Show Figures

Figure 1

MDPI and ACS Style

Carta, S.; Podda, A.S.; Recupero, D.R.; Saia, R. A Local Feature Engineering Strategy to Improve Network Anomaly Detection. Future Internet 2020, 12, 177. https://doi.org/10.3390/fi12100177

AMA Style

Carta S, Podda AS, Recupero DR, Saia R. A Local Feature Engineering Strategy to Improve Network Anomaly Detection. Future Internet. 2020; 12(10):177. https://doi.org/10.3390/fi12100177

Chicago/Turabian Style

Carta, Salvatore, Alessandro S. Podda, Diego R. Recupero, and Roberto Saia. 2020. "A Local Feature Engineering Strategy to Improve Network Anomaly Detection" Future Internet 12, no. 10: 177. https://doi.org/10.3390/fi12100177

Find Other Styles
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop