Abstract: At present, some Intrusion Detection Systems (IDS) analyze and model traffic using the features of TCP/IP data packets. Because these features contribute unequally to the detection process, reducing the number of features appropriately, without affecting the precision of detection, can improve an IDS's detection rate and real-time performance. A Decision Tree Rule-based Statistical method (DTRS) is therefore presented to reduce TCP/IP features. Its primary concept is to create n decision trees on n data subsets, extract the rules, and work out the relatively important features according to how frequently each feature is used; the feasibility and effectiveness of the method are verified through tests.
Tian Jun-feng; Wang Hui-ran; Fu Yue. Research on the Feasibility of TCP/IP Feature Reduction for Intrusion Detection [J]. Journal of Electronics & Information Technology (电子与信息学报), 2007, 29(9): 2248-2251.
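The DTRS idea summarized in the abstract, sketched as an added example that is not code from the paper: one tree per data subset, rules read off as root-to-leaf paths, and features ranked by how often the rules test them. The ID3-style information-gain learner, the every-n-th-record subsetting, the feature names and the connection records are all assumptions constructed for illustration.

```python
import math
from collections import Counter
from itertools import product

FEATURES = ["flag", "service", "protocol", "ttl_bucket"]  # constructed feature names

def entropy(labels):
    return -sum(c / len(labels) * math.log2(c / len(labels)) for c in Counter(labels).values())

def best_feature(rows, labels, features):
    """Feature with the highest positive information gain, or None (ties keep the earlier feature)."""
    best, best_gain = None, 1e-9
    for f in features:
        groups = {}
        for r, y in zip(rows, labels):
            groups.setdefault(r[f], []).append(y)
        gain = entropy(labels) - sum(len(g) / len(labels) * entropy(g) for g in groups.values())
        if gain > best_gain:
            best, best_gain = f, gain
    return best

def tree_rules(rows, labels, features, path=()):
    """Grow an ID3-style tree; each root-to-leaf rule is the tuple of features it tests."""
    f = best_feature(rows, labels, features)
    if f is None:  # pure node, or no remaining feature separates the classes
        return [path]
    rules = []
    for v in sorted({r[f] for r in rows}):
        keep = [i for i, r in enumerate(rows) if r[f] == v]
        rules += tree_rules([rows[i] for i in keep], [labels[i] for i in keep],
                            [g for g in features if g != f], path + (f,))
    return rules

def dtrs_rank(rows, labels, n):
    """Build one tree per subset (every n-th record) and count feature use over all rules."""
    counts = Counter(dict.fromkeys(FEATURES, 0))
    for k in range(n):
        idx = range(k, len(rows), n)
        for rule in tree_rules([rows[i] for i in idx], [labels[i] for i in idx], FEATURES):
            counts.update(rule)
    return counts.most_common()

def build_sample(n):
    """Constructed records: flag and service decide the label; subset 0 adds a protocol-specific case."""
    cells = [c for c in product(("SF", "S0", "REJ"), ("http", "ftp"), ("tcp", "udp"),
                                ("low", "high")) for _ in range(n)]  # copy k of a cell lands in subset k
    labels = ["attack" if c[0] == "S0" or c[:2] == ("REJ", "ftp") or
              (i % n == 0 and c[:3] == ("SF", "ftp", "udp")) else "normal" for i, c in enumerate(cells)]
    return [dict(zip(FEATURES, c)) for c in cells], labels

print(dtrs_rank(*build_sample(3), 3))
```

A feature that no rule ever tests, here the constructed `ttl_bucket`, is the candidate for removal; how many of the top-ranked features to keep is a threshold the abstract does not specify.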