Conference proceedings: Proceedings of the International Conference on Security and Management (SAM'03)

KDD Feature Set Complaint Heuristic Rules for R2L Attack Detection


Abstract

Automated rule induction procedures like machine learning and statistical techniques result in rules that lack generalization and maintainability. Developing rules manually through incorporation of attack signatures results in meaningful but weak rules as it is difficult to define thresholds. This paper utilizes a hybrid procedure for developing rules by combining signature analysis with automated techniques to improve readability, comprehensibility, and maintainability of rules. Through the proposed rule-formulation technique, heuristic rules were developed for two remote-to-local (R2L) attacks using the KDD intrusion detection features and dataset. Empirical results show that high detection rates with low false alarms are observed for the warezmaster and warezclient attacks in the KDD data set. The utilized technique also highlighted a mislabeling problem in the KDD dataset for the two R2L attacks considered.