CorrCorr: A feature selection method for multivariate correlation network anomaly detection techniques
File version
Author(s)
Chang, Elizabeth
Dillon, Tharam
Griffith University Author(s)
Primary Supervisor
Other Supervisors
Editor(s)
Date
Size
File type(s)
Location
License
Abstract
Recent research on network intrusion detection has focused on correlation-based techniques, which allow one to adapt to continuously changing environments such as the Internet of Things. Despite it being common practice for network intrusion detection to utilise feature selection techniques to enhance performance, correlation-based techniques have rarely been applied to them. This is mainly due the fact that traditional feature selection methods are not tailored to multivariate correlation techniques and new methods are required. To address this gap, we are introducing CorrCorr, a feature selection method for multivariate correlation-based network anomaly detection systems. Evaluated on the UNSW-NB15 and NSL-KDD intrusion detection dataset, CorrCorr consistently outperformed the original features as well as features selected with a Principal Component Analysis (PCA) and a Pearson class label correlation. We also analysed the UNSW-NB15 dataset on feature correlations and have identified several weaknesses.
Journal Title
Computers & Security
Conference Title
Book Title
Edition
Volume
83
Issue
Thesis Type
Degree Program
School
Publisher link
Patent number
Funder(s)
Grant identifier(s)
Rights Statement
Rights Statement
Item Access Status
Note
Access the data
Related item(s)
Subject
Cybersecurity and privacy
Science & Technology
Technology
Computer Science, Information Systems
Computer Science
Feature selection
Persistent link to this record
Citation
Gottwalt, F; Chang, E; Dillon, T, CorrCorr: A feature selection method for multivariate correlation network anomaly detection techniques, Computers & Security, 2019, 83, pp. 234-245