The objective of this study is to explore feature selection for the detection of internal intruders within a local network during the early stages of an attack. As the sophistication of attackers increases, current security systems have proven incapable of detecting advanced stealthy attackers whose aim is to compromise internal networks and remain undetected. We study the available features that are commonly used during network-layer attacker detection and propose two new features to model the extent to which a given networked endpoint conforms to network traffic norms. The proposed features are analysed using several attribute evaluation methods to compare the predictiveness of commonly used features. The results of the analysis show that the proposed features are highly predictive and work towards overcoming the identified deployability issues of previous systems.
|Title of host publication
|Proceedings - 2017 10th International Conference on Developments in eSystems Engineering, DeSE 2017
|Hissam Tawfik, Hani Hamdan, Abir Hussain, Jade Hind, Dhiya Al-Jumeily
|Institute of Electrical and Electronics Engineers Inc.
|Number of pages
|Published - 7 Feb 2018
|10th International Conference on Developments in eSystems Engineering, DeSE 2017 - Paris, France
Duration: 14 Jun 2017 → 16 Jun 2017
|Proceedings - International Conference on Developments in eSystems Engineering, DeSE
- Feature Selection
- Network Security
- Post Compromise Detection