Appl. Sci. 2018, 8(11), 2196; https://doi.org/10.3390/app8112196

Analysis of Lightweight Feature Vectors for Attack Detection in Network Traffic

Institute of Telecommunications, TU Wien, 1040 Wien, Austria
* Author to whom correspondence should be addressed.
Received: 25 October 2018 / Revised: 5 November 2018 / Accepted: 6 November 2018 / Published: 9 November 2018
(This article belongs to the Section Computer Science and Electrical Engineering)
Abstract

The consolidation of encryption and big data in network communications has made deep packet inspection no longer feasible in large networks. Early attack detection requires feature vectors that are easy to extract, process, and analyze, and that can also be generated from encrypted traffic. So far, experts have selected features based on their intuition, on previous research, or by uncritically adopting standards, but there is no general agreement about which features to use for attack detection in a broad scope. We compared five lightweight feature sets proposed in the scientific literature over the last few years and evaluated them with supervised machine learning. For our experiments, we use the UNSW-NB15 dataset, recently published as a new benchmark for network security. The results showed three remarkable findings: (1) analysis based on source behavior instead of classic flow profiles is more effective for attack detection; (2) meta-studies of past research can be used to establish satisfactory benchmarks; and (3) features based on packet length are clearly determinant for capturing malicious activity. Our research showed that the vectors currently used for attack detection are oversized, that their accuracy and speed can be improved, and that they need to be adapted to deal with encrypted traffic.
Keywords: feature selection; network attack detection; supervised learning
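To make the distinction behind finding (1) concrete, the following added example (not code from the paper or its authors) extracts packet-length statistics from constructed header records twice: once per classic 5-tuple flow and once per source host. Only header fields are used, which is what allows such features to be computed on encrypted traffic; the records, the feature names and the grouping functions are assumptions made for illustration and are not one of the five feature sets the paper evaluates.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed packet header records: (src, dst, sport, dport, proto, ip_length).
# Illustrative values only, not taken from UNSW-NB15.
PACKETS = [
    ("10.0.0.5", "10.0.0.9", 40001, 22,   "tcp", 60),    # four one-packet flows from 10.0.0.5
    ("10.0.0.5", "10.0.0.9", 40002, 80,   "tcp", 60),
    ("10.0.0.5", "10.0.0.9", 40003, 443,  "tcp", 60),
    ("10.0.0.5", "10.0.0.9", 40004, 8080, "tcp", 60),
    ("10.0.0.7", "10.0.0.9", 51000, 443,  "tcp", 60),    # one ordinary session from 10.0.0.7
    ("10.0.0.7", "10.0.0.9", 51000, 443,  "tcp", 1500),
    ("10.0.0.7", "10.0.0.9", 51000, 443,  "tcp", 1500),
    ("10.0.0.7", "10.0.0.9", 51000, 443,  "tcp", 100),
]

def flow_key(pkt):
    """Classic flow profile: the 5-tuple (src, dst, sport, dport, proto)."""
    return pkt[:5]

def source_key(pkt):
    """Source-behaviour profile: everything one source IP sends, across all its flows."""
    return pkt[0]

def length_features(pkts):
    """Packet-length statistics plus the number of distinct flows in the group."""
    lengths = [p[5] for p in pkts]
    return {
        "pkt_count": len(lengths),
        "flow_count": len({flow_key(p) for p in pkts}),
        "mean_len": mean(lengths),
        "std_len": pstdev(lengths),
        "min_len": min(lengths),
        "max_len": max(lengths),
    }

def extract(packets, key_fn):
    """Group packets by key_fn and compute one feature vector per group."""
    groups = defaultdict(list)
    for pkt in packets:
        groups[key_fn(pkt)].append(pkt)
    return {key: length_features(pkts) for key, pkts in groups.items()}

if __name__ == "__main__":
    for name, key_fn in (("flow", flow_key), ("source", source_key)):
        print(f"--- per-{name} vectors ---")
        for key, feats in extract(PACKETS, key_fn).items():
            print(key, feats)
```

Per flow, each of the four probes from 10.0.0.5 is a single 60-byte packet and looks like any connection attempt; per source, the same host shows four flows with zero length variance, which is the kind of pattern source-based vectors expose and flow-based vectors cannot.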
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).
Cite this article (MDPI and ACS style):

Meghdouri, F.; Zseby, T.; Iglesias, F. Analysis of Lightweight Feature Vectors for Attack Detection in Network Traffic. Appl. Sci. 2018, 8, 2196.

Appl. Sci. EISSN 2076-3417. Published by MDPI AG, Basel, Switzerland.