X hits on this document

PDF document

Modeling Intrusion Detection Systems Using Linear Genetic Programming Approach - page 8 / 10

26 views

0 shares

0 downloads

0 comments

8 / 10

Fig. 3. Feature reduction results for normal

Accuracy

99

.9

9

9

.8

9

9

.7

9

9

.6

9

9

.5

9

9

.4

99

3

6

O ve ra ll

A c c u ra c y

N orm al

A c c u ra c y

A tta c k

A c c u ra c y

1 0 0 .1 100

N o rm a l F e a tu re

R e d u c a tio n

A c c u ra c ie s

41

36

11

31

26 21

16

No

fo Features

Table 4. Description of 5 most important features

Class

Normal

Probe

DoS

U2Su

R2L

Feature Discription

  • hot indicators: Number of “hot” indicators

  • destination bytes: Number of bytes sent from the destination system to the host system

  • source bytes: Number of bytes sent from the host system to the destination system

  • compromised conditions: Number of compromised conditions

  • dst_host_rerror_rate: % of connections that have REJ errors from a destination host

  • dst_host_diff_srv_rate: % of connections to different services from a destination host

  • rerror_rate: % of connections that have REJ errors

  • srv_diff_host_rate: % of connections that have same service to different hosts

  • logged in: binary decision

  • service: type of service

  • count: Number of connections made to the same host system in a given interval of time

  • compromised conditions: Number of compromised conditions

  • wrong_fragments: no of wrong fragments

  • land: 1 if connection is from/to the same host/port; 0 otherwise

  • logged in: 1 if successfully logged in; 0 otherwise

  • root shell: 1 if root shell is obtained; 0 otherwise

  • dst_host_srv_serror_rate: % of connections to the same service that have SYN errors from a destination host

  • no of file creations: no of file creation operations

  • serror_rate: % of connections that have SYN errors

  • dst_host_same_src_port_rate: % of connections to same service ports from a destination host

  • guest login: 1 if the login is a “guest’ login; 0 otherwise

  • no of file access: no of operations on access control files

  • destination bytes: Number of bytes sent from the destination system to the host system

  • faile logins: no of failed login attempts

  • logged in: binary decision

Document info
Document views26
Page views26
Page last viewedSun Dec 04 14:50:26 UTC 2016
Pages10
Paragraphs417
Words4082

Comments