Show simple item record

dc.contributor.author: Davis, JJ
dc.contributor.author: Foo, E
dc.date.accessioned: 2020-03-25T01:20:10Z
dc.date.available: 2020-03-25T01:20:10Z
dc.date.issued: 2016
dc.identifier.issn: 0167-4048
dc.identifier.doi: 10.1016/j.cose.2016.01.006
dc.identifier.uri: http://hdl.handle.net/10072/392607
dc.description.abstract: Generating discriminative input features is a key requirement for achieving highly accurate classifiers. The process of generating features from raw data is known as feature engineering and it can take significant manual effort. In this paper we propose automated feature engineering to derive a suite of additional features from a given set of basic features with the aim of both improving classifier accuracy through discriminative features, and to assist data scientists through automation. Our implementation is specific to HTTP computer network traffic. To measure the effectiveness of our proposal, we compare the performance of a supervised machine learning classifier built with automated feature engineering versus one using human-guided features. The classifier addresses a problem in computer network security, namely the detection of HTTP tunnels. We use Bro to process network traffic into base features and then apply automated feature engineering to calculate a larger set of derived features. The derived features are calculated without favour to any base feature and include entropy, length and N-grams for all string features, and counts and averages over time for all numeric features. Feature selection is then used to find the most relevant subset of these features. Testing showed that both classifiers achieved a detection rate above 99.93% at a false positive rate below 0.01%. For our datasets, we conclude that automated feature engineering can provide the advantages of increasing classifier development speed and reducing development technical difficulties through the removal of manual feature engineering. These are achieved while also maintaining classification accuracy.
dc.description.peerreviewed: Yes
dc.language: English
dc.language.iso: eng
dc.publisher: Elsevier
dc.relation.ispartofpagefrom: 166
dc.relation.ispartofpageto: 185
dc.relation.ispartofjournal: Computers and Security
dc.relation.ispartofvolume: 59
dc.subject.fieldofresearch: Information and computing sciences
dc.subject.fieldofresearchcode: 46
dc.title: Automated feature engineering for HTTP tunnel detection
dc.type: Journal article
dc.type.description: C1 - Articles
dcterms.bibliographicCitation: Davis, JJ; Foo, E, Automated feature engineering for HTTP tunnel detection, Computers and Security, 2016, 59, pp. 166-185
dcterms.license: http://creativecommons.org/licenses/by-nc-nd/4.0/
dc.date.updated: 2020-03-25T01:17:11Z
dc.description.version: Accepted Manuscript (AM)
gro.rights.copyright: © 2016 Elsevier. Licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Licence (http://creativecommons.org/licenses/by-nc-nd/4.0/) which permits unrestricted, non-commercial use, distribution and reproduction in any medium, providing that the work is properly cited.
gro.hasfulltext: Full Text
gro.griffith.author: Foo, Ernest


This item appears in the following Collection(s)

  • Journal articles
    Contains articles published by Griffith authors in scholarly journals.
