caa a22 4500 605477914 CHVBK 20210128100403.0 cr unu---uuuuu 210128e20151001xx s 000 0 eng 10.1007/s10994-014-5473-9 doi (NATIONALLICENCE)springer-10.1007/s10994-014-5473-9 Analysis of network traffic features for anomaly detection [Elektronische Daten] [Félix Iglesias, Tanja Zseby] Anomaly detection in communication networks provides the basis for the uncovering of novel attacks, misconfigurations and network failures. Resource constraints for data storage, transmission and processing make it beneficial to restrict input data to features that are (a) highly relevant for the detection task and (b) easily derivable from network observations without expensive operations. Removing strong correlated, redundant and irrelevant features also improves the detection quality for many algorithms that are based on learning techniques. In this paper we address the feature selection problem for network traffic based anomaly detection. We propose a multi-stage feature selection method using filters and stepwise regression wrappers. Our analysis is based on 41 widely-adopted traffic features that are presented in several commonly used traffic data sets. With our combined feature selection method we could reduce the original feature vectors from 41 to only 16 features. We tested our results with five fundamentally different classifiers, observing no significant reduction of the detection performance. In order to quantify the practical benefits of our results, we analyzed the costs for generating individual features from standard IP Flow Information Export records, available at many routers. We show that we can eliminate 13 very costly features and thus reducing the computational effort for on-line feature generation from live traffic observations at network nodes. The Author(s), 2014 Feature selection nationallicence Anomaly detection nationallicence Network security nationallicence Data preprocessing nationallicence Supervised classification nationallicence Iglesias Félix Institute of Telecommunications, Vienna University of Technology, Gusshausstrae 25 / E389, 1040, Wien, Austria aut Zseby Tanja Institute of Telecommunications, Vienna University of Technology, Gusshausstrae 25 / E389, 1040, Wien, Austria aut Machine Learning Springer US; http://www.springer-ny.com 101/1-3(2015-10-01), 59-84 0885-6125 101:1-3<59 2015 101 10994 https://doi.org/10.1007/s10994-014-5473-9 text/html Onlinezugriff via DOI BK010053 XK010053 XK010000 Metadata rights reserved Springer special CC-BY-NC licence nationallicence 1 research-article jats NATIONALLICENCE NATIONALLICENCE NL-springer NATIONALLICENCE 856 40 https://doi.org/10.1007/s10994-014-5473-9 text/html Onlinezugriff via DOI NATIONALLICENCE 700 1- Iglesias Félix Institute of Telecommunications, Vienna University of Technology, Gusshausstrae 25 / E389, 1040, Wien, Austria aut NATIONALLICENCE 700 1- Zseby Tanja Institute of Telecommunications, Vienna University of Technology, Gusshausstrae 25 / E389, 1040, Wien, Austria aut NATIONALLICENCE 773 0- Machine Learning Springer US; http://www.springer-ny.com 101/1-3(2015-10-01), 59-84 0885-6125 101:1-3<59 2015 101 10994