CFP last date
22 April 2024
Reseach Article

A Hybrid Filter/Wrapper Method for Feature Selection for Computer Worm Detection using Darknet Traffic

by Ochieng Nelson O., Waweru Mwangi R., Ismail Ateya L.
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 180 - Number 44
Year of Publication: 2018
Authors: Ochieng Nelson O., Waweru Mwangi R., Ismail Ateya L.
10.5120/ijca2018917142

Ochieng Nelson O., Waweru Mwangi R., Ismail Ateya L. . A Hybrid Filter/Wrapper Method for Feature Selection for Computer Worm Detection using Darknet Traffic. International Journal of Computer Applications. 180, 44 ( May 2018), 12-17. DOI=10.5120/ijca2018917142

@article{ 10.5120/ijca2018917142,
author = { Ochieng Nelson O., Waweru Mwangi R., Ismail Ateya L. },
title = { A Hybrid Filter/Wrapper Method for Feature Selection for Computer Worm Detection using Darknet Traffic },
journal = { International Journal of Computer Applications },
issue_date = { May 2018 },
volume = { 180 },
number = { 44 },
month = { May },
year = { 2018 },
issn = { 0975-8887 },
pages = { 12-17 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume180/number44/29440-2018917142/ },
doi = { 10.5120/ijca2018917142 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:03:35.433360+05:30
%A Ochieng Nelson O.
%A Waweru Mwangi R.
%A Ismail Ateya L.
%T A Hybrid Filter/Wrapper Method for Feature Selection for Computer Worm Detection using Darknet Traffic
%J International Journal of Computer Applications
%@ 0975-8887
%V 180
%N 44
%P 12-17
%D 2018
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Malicious software and especially computer worms cause significant damage to organizations and individuals alike. The detection of computer worms faces a number of challenges that include incomplete approximations, code morphing (polymorphism and metamorphism), packing, obfuscation, tool detection and even obtaining datasets for training and validation. The challenge of incomplete approximations can partially be solved by feature selection. Generally, only a small number of attributes of binary or network packet headers show a strong correlation with attributes of computer worms. The goal of feature selection is to identify the subset of differentially expressed fields of network packet headers that are potentially relevant for distinguishing the sample classes and is the subject of this study. The datasets used for the experiments were obtained from the University of San Diego California Center for Applied Data Analysis (USCD CAIDA). Two sets of datasets were requested and obtained from this telescope. The first is the Three days of Conficker Dataset ([2]) containing data for three days between November 2008 and January 2009 during which Conficker worm attack ([4]) was active. It was found out that is well known dstport, ip l en, value, ttl and China were the most instructive features.

References
  1. The need for speed: 2013 incident response survey. Technical report.
  2. The caida ucsd network telescope ”three days of conficker”,1995(accessed February 3, 2014).
  3. The caida ucsd network telescope ’two days in november2008’ dataset, 1995(accessed February 3, 2014).
  4. Emile Aben. Conficker/conflicker/downadup as seenfrom the ucsd network telescope. Technical report,https://www.caida.org/research/security/ms08067conficker.xml, 2009.
  5. Veronica Bolon, Noelia Sanchez, and Amparo Alonso. A reviewof feature selection methods on synthetic data. Knowledge Information Systems, 2013.
  6. Girish Chandrashekar and Ferat Sahin. A survey on featur selection methods. Computers and Electrical Engineering, 40(1):16–28, 2014.
  7. M Dash and H Liu. Feature selection for classification. Intelligent data analysis, 1997.
  8. Houtao Deng and G. Runger. Feature selection via regularized trees. In The 2012 International Joint Conference on Neural Networks (IJCNN), pages 1–8, June 2012.
  9. Franc¸ois Fleuret. Fast binary feature selection with conditional mutual information. Journal of Machine Learning Research, 5(Nov):1531–1555, 2004.
  10. Isabelle Guyon and Andre Elisseeff. An introduction to variable and feature selection. Journal of Machine Learning Research, pages 1157–1182, 2003.
  11. Alistair King. Corsaro, 2012
  12. .Vipin Kumar and Sonajharia Minz. Feature selection a literature review. Smart Computing Review, 4(3), 2014.
  13. Huan Liu and Lei Yu. Toward integrating feature selection algorithms for classification and clustering. IEEE Transactions on Knowledge and Data Engineering, 17(4):491–502, April 2005
  14. F. Pedregosa, G. Varoquaux, A. Gramfort, V. Michel, B. Thirion, O. Grisel, M. Blondel, P. Prettenhofer, R. Weiss, V. Dubourg, J. Vanderplas, A. Passos, D. Cournapeau, M. Brucher, M. Perrot, and E. Duchesnay. Scikit-learn: Machine learning in Python. Journal of Machine Learning Research, 12:2825–2830, 2011.
  15. Kohavi Ron and George John. Wrappers for feature selection. Elsevier Artificial Intelligence, 97(1-2):273324, 1997.
  16. Vanaja S and Kumar Ramesh. Analysis of feature selection algorithms on classification a survey. International Journal of Computer Applications, 90(17):29–35, 2014.
  17. Cheng Yang, Li-Ye Chuang, and Cheng Hong. Ig-ga: A hybrid filter/wrapper method for feature selection of microarray data. Journal of Medical and Biological Engineering, 30(1), 2009.
Index Terms

Computer Science
Information Sciences

Keywords

Computer worm detection - feature selection - machine learning - variable selection - hybrid filter wrapper feature selection – comparison of feature selection methods.