Handling nominal features in anomaly intrusion detection problems

Mei-Ling Shyu, Kanoksri Sarinnapakorn, Indika Kuruppu-Appuhamilage, Shu Ching Chen, LiWu Chang, Thomas Goldring

Research output: Chapter in Book/Report/Conference proceedingConference contribution

42 Scopus citations

Abstract

Computer network data stream used in intrusion detection usually involve many data types. A common data type is that of symbolic or nominal features. Whether being coded into numerical values or not, nominal features need to be treated differently from numeric features. This paper studies the effectiveness of two approaches in handling nominal features: a simple coding scheme via the use of indicator variables and a scaling method based on multiple correspondence analysis (MCA). In particular, we apply the techniques with two anomaly detection methods: the principal component classifier (PCC) and the Canberra metric. The experiments with KDD 1999 data demonstrate that MCA works better than the indicator variable approach for both detection methods with the PCC coming much ahead of the Canberra metric.

Original languageEnglish
Title of host publicationProceedings of the IEEE International Workshop on Research Issues in Data Engineering
EditorsJ. Han, H. Kawano
Pages55-62
Number of pages8
StatePublished - Oct 31 2005
Event15th International Workshop on Research Issues in Data Engineering: Stream Data Mining and Applications, RIDE-SDMA 2005 - Tokyo, Japan
Duration: Apr 3 2005Apr 4 2005

Other

Other15th International Workshop on Research Issues in Data Engineering: Stream Data Mining and Applications, RIDE-SDMA 2005
CountryJapan
CityTokyo
Period4/3/054/4/05

    Fingerprint

Keywords

  • Anomaly detection
  • Indicator variables
  • Intrusion detection
  • Multiple correspondence analysis
  • Nominal features
  • Principal component classifier

ASJC Scopus subject areas

  • Hardware and Architecture
  • Software
  • Engineering (miscellaneous)

Cite this

Shyu, M-L., Sarinnapakorn, K., Kuruppu-Appuhamilage, I., Chen, S. C., Chang, L., & Goldring, T. (2005). Handling nominal features in anomaly intrusion detection problems. In J. Han, & H. Kawano (Eds.), Proceedings of the IEEE International Workshop on Research Issues in Data Engineering (pp. 55-62)