Heuristic Rules for Attack Detection Charged by NSL KDD Dataset

摘要

With the rapidly growing and wide spread use of computer networks, the number of new threats has grown extensively. Automated rule induction procedures for detecting these threats, like machine learning and statistical techniques result in rules that lack generalization and maintainability. In this paper, we focus on detailed study of different types of attacks using NSL KDD dataset by manually developing rules through incorporation of attack signatures. It results in meaningful but weak rules as it is difficult to define thresholds. This paper utilizes a hybrid procedure for developing rules by combining expert knowledge with automated techniques to improve readability, comprehensibility, and maintainability of rules. Through the proposed rule-formation technique, heuristic rules were developed for different attack types included in NSL KDD dataset. Empirical results show that high detection rates with low false alarms are observed for different attack types in the dataset. The utilized techniques also highlighted a mislabeling problem in the NSL KDD dataset for the R2L and U2R attacks considered.