Feature Popularity Between Different Web Attacks with Supervised Feature Selection Rankers

Title: Feature Popularity Between Different Web Attacks with Supervised Feature Selection Rankers
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Zuech, Richard; Hancock, John; Khoshgoftaar, Taghi M.
Conference Name: 2021 20th IEEE International Conference on Machine Learning and Applications (ICMLA)
Date Published: December
Keywords: Big Data, big data security metrics, Conferences, Feature Popularity, feature selection, feature similarity, Force, Intrusion detection, machine learning, Measurement, pubcrawl, Radio frequency, resilience, Resiliency, Scalability, SQL Injection, Web attacks
Abstract: We introduce the novel concept of feature popularity with three different web attacks and big data from the CSE-CIC-IDS2018 dataset: Brute Force, SQL Injection, and XSS web attacks. Feature popularity is based upon ensemble Feature Selection Techniques (FSTs) and allows us to more easily understand common important features between different cyberattacks, for two main reasons. First, feature popularity lists can be generated to provide an easy comprehension of important features across different attacks. Second, the Jaccard similarity metric can provide a quantitative score for how similar feature subsets are between different attacks. Both of these approaches not only provide more explainable and easier-to-understand models, but they can also reduce the complexity of implementing models in real-world systems. Four supervised learning-based FSTs are used to generate feature subsets for each of our three different web attack datasets, and then our feature popularity frameworks are applied. For these three web attacks, the XSS and SQL Injection feature subsets are the most similar per the Jaccard similarity. The most popular features across all three web attacks are: Flow_Bytes_s, FlowIAT_Max, and Flow_Packets_s. While this introductory study is only a simple example using only three web attacks, this feature popularity concept can be easily extended, allowing an automated framework to more easily determine the most popular features across a very large number of attacks and features.
DOI: 10.1109/ICMLA52953.2021.00013
Citation Key: zuech_feature_2021