Selecting Scalable Network Features for Infiltration Detection

2017 
The objective of this study is to explore feature selection for the detection of internal intruders within a local network during the early stages of an attack. As the sophistication of attackers increases, current security systems have proven incapable of detecting advanced, stealthy attackers whose aim is to compromise internal networks and remain undetected. We study the available features that are commonly used during network-layer attacker detection and propose two new features to model the extent to which a given networked endpoint conforms to network traffic norms. The proposed features are analysed using several attribute evaluation methods to compare the predictiveness of commonly used features. The results of the analysis show that the proposed features are highly predictive and work towards overcoming the identified deployability issues of previous systems.