Worth the wait? Time window feature optimization for intrusion detection

Abstract

Time as a variable for generating features has been widely overlooked in Intrusion Detection System (IDS) research. Computer and network attacks unfold as time series, so the span of time over which a feature is computed shapes the feature itself and, as a result, classification. Nevertheless, there has been little exploration of how to calibrate that time span for IDSs and attack classification techniques. In this paper we explore time windows as a technique for generating more effective and descriptive features for attack classification. We propose a framework for feature generation and selection that combines Recursive Feature Elimination (RFE) with exploration of candidate window lengths. Our initial results from applying this framework indicate an improvement of up to 47% in F1 score for attack classification when features are generated over a variety of time windows rather than a single, global time window. We find that features calculated over longer windows may be more useful for detecting attacks than those calculated over shorter windows. Our methods appear most effective at detecting DDoS attacks, particularly those that persist over medium or long durations.
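To make the framework concrete, the following is an added illustration, not the paper's code, of the two steps the abstract names: generating the same flow-level features over several window lengths, then pruning them with RFE. The flow schema, the window lengths (1 s, 10 s, 60 s), the constructed flow log with a slow, low-rate DDoS, and the nearest-centroid classifier that drives the elimination are all assumptions made here; the paper does not state which model it paired with RFE.

```python
"""Time-window feature generation plus recursive feature elimination (RFE)
over a constructed flow log. Added illustration; not the paper's code."""
import math
import random
from collections import namedtuple

Flow = namedtuple("Flow", "t src dport nbytes")   # one flow record (assumed schema)

WINDOWS = (1, 10, 60)                  # candidate window lengths in seconds (assumed)
STEP, LOG_END = 5.0, 120.0             # sample every 5 s over a 120 s log
ATTACK = (60.0, 120.0)                 # ground-truth attack interval in the log
BACKGROUND_HOSTS = ("10.0.0.1", "10.0.0.2", "10.0.0.3")
FEATURE_NAMES = [f"{k}_w{w}" for w in WINDOWS for k in ("flows", "srcs", "bytes")]


def make_flows(seed=0):
    """Constructed log: ~1 background flow/s from three hosts, plus a slow DDoS
    in which 10 sources each send one tiny flow every 10 s (about 1 flow/s)."""
    rng = random.Random(seed)
    flows, t = [], 0.0
    while t < LOG_END:
        t += rng.expovariate(1.0)
        flows.append(Flow(t, rng.choice(BACKGROUND_HOSTS), 443, rng.randint(200, 1500)))
    for k in range(10):
        for n in range(6):
            flows.append(Flow(ATTACK[0] + n * 10.0 + k, f"198.51.100.{k}", 80, 60))
    return sorted(flows)


def window_features(flows, t, windows=WINDOWS):
    """Per-window features for the interval (t - W, t], one set per W."""
    feats = {}
    for w in windows:
        inw = [f for f in flows if t - w < f.t <= t]
        feats[f"flows_w{w}"] = len(inw)
        feats[f"srcs_w{w}"] = len({f.src for f in inw})
        feats[f"bytes_w{w}"] = sum(f.nbytes for f in inw)
    return feats


def build_dataset(flows):
    """Sample features every STEP seconds; label 1 while the attack is active."""
    X, y, n = [], [], 1
    while n * STEP <= LOG_END:
        t = n * STEP
        X.append(window_features(flows, t))
        y.append(1 if ATTACK[0] <= t <= ATTACK[1] else 0)
        n += 1
    return X, y


def centroid_accuracy(X, y, names):
    """Training accuracy of a nearest-centroid classifier on z-scored features."""
    stats = {}
    for nm in names:
        col = [row[nm] for row in X]
        mu = sum(col) / len(col)
        sd = math.sqrt(sum((v - mu) ** 2 for v in col) / len(col)) or 1.0
        stats[nm] = (mu, sd)
    Z = [[(row[nm] - stats[nm][0]) / stats[nm][1] for nm in names] for row in X]
    cent = {}
    for c in (0, 1):
        rows = [z for z, lab in zip(Z, y) if lab == c]
        cent[c] = [sum(col) / len(rows) for col in zip(*rows)]
    hits = 0
    for z, lab in zip(Z, y):
        d = {c: sum((a - b) ** 2 for a, b in zip(z, cent[c])) for c in cent}
        hits += min(d, key=d.get) == lab
    return hits / len(y)


def rfe(X, y, names, n_keep):
    """RFE: each round, drop the feature whose removal hurts accuracy least,
    then re-score the survivors, so redundant features are pruned first."""
    if n_keep < 1:
        raise ValueError("keep at least one feature")
    kept, dropped = list(names), []
    while len(kept) > n_keep:
        score = {nm: centroid_accuracy(X, y, [m for m in kept if m != nm]) for nm in kept}
        victim = max(kept, key=lambda nm: (score[nm], nm))   # ties broken by name
        kept.remove(victim)
        dropped.append(victim)
    return kept, dropped


def class_means(X, y, name):
    """(mean over normal samples, mean over attack samples) for one feature."""
    neg = [r[name] for r, lab in zip(X, y) if lab == 0]
    pos = [r[name] for r, lab in zip(X, y) if lab == 1]
    return sum(neg) / len(neg), sum(pos) / len(pos)


if __name__ == "__main__":
    X, y = build_dataset(make_flows())
    kept, dropped = rfe(X, y, FEATURE_NAMES, n_keep=3)
    print("kept:", kept, "| dropped in order:", dropped)
    for nm in FEATURE_NAMES:
        lo, hi = class_means(X, y, nm)
        print(f"{nm:10s} normal={lo:9.1f} attack={hi:9.1f}")
    print("accuracy all:", centroid_accuracy(X, y, FEATURE_NAMES),
          "kept:", centroid_accuracy(X, y, kept))
```

Two things the printout makes visible that the abstract only states: the 60-second source count separates the slow DDoS cleanly while the 1-second counts overlap with background noise, which is the "longer windows are more useful" finding; and the long-window features only reach their full value once a window's worth of attack has elapsed, which is why such features favour attacks of medium or long duration. Because elimination is re-scored after every removal, a feature that is merely redundant with a surviving one is dropped before a feature that carries unique signal, which is what distinguishes RFE from ranking each feature once in isolation.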

Type: Publication
Venue: 2019 IEEE International Workshop on Big Data Analytics for Cyber Threat Hunting
Xenia Mountrouidou
Senior Security Researcher

Xenia Mountrouidou is a Senior Security Researcher at Cyber adAPT with versatile experience in academia and industry. She has over 10 years of research experience in network security, machine learning, and data analytics for computer networks. She enjoys writing Python scripts to automate boring things, finding interesting patterns with machine learning algorithms, and researching novel intrusion detection techniques. Her research interests revolve around network security, Internet of Things, intrusion detection, and machine learning.