Attribute normalization in network intrusion detection

Wei Wang*, Xiangliang Zhang, Sylvain Gombault, Svein J. Knapskog

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

55 Scopus citations

Abstract

Anomaly intrusion detection is an important issue in computer network security. As a step of data preprocessing, attribute normalization is essential to detection performance. However, many anomaly detection methods do not normalize attributes before training and detection. Few methods consider to normalize the attributes but the question of which normalization method is more effective still remains. In this paper, we introduce four different schemes of attribute normalization to preprocess the data for anomaly intrusion detection. Three methods, k-NN, PCA as well as SVM, are then employed on the normalized data for comparison of the detection results. KDD Cup 1999 data are used to evaluate the normalization schemes and the detection methods. The systematical evaluation results show that the process of attribute normalization improves a lot the detection performance. The statistical normalization scheme is the best choice for detection if the data set is large.

Original languageEnglish (US)
Title of host publicationI-SPAN 2009 - The 10th International Symposium on Pervasive Systems, Algorithms, and Networks
PublisherIEEE Computer Society
Pages448-453
Number of pages6
ISBN (Print)9780769539089
DOIs
StatePublished - Jan 1 2009
Event10th International Symposium on Pervasive Systems, Algorithms, and Networks, I-SPAN 2009 - Kaohsiung, Taiwan, Province of China
Duration: Dec 14 2009Dec 16 2009

Publication series

NameI-SPAN 2009 - The 10th International Symposium on Pervasive Systems, Algorithms, and Networks

Other

Other10th International Symposium on Pervasive Systems, Algorithms, and Networks, I-SPAN 2009
CountryTaiwan, Province of China
CityKaohsiung
Period12/14/0912/16/09

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Networks and Communications
  • Software

Fingerprint

Dive into the research topics of 'Attribute normalization in network intrusion detection'. Together they form a unique fingerprint.

Cite this