Comparison of feature sets for detecting attacks in network traffic

Abstract

The growing amount of encrypted traffic in todays networks makes deep packet inspection infeasible. In addition, high data rates increase the demand for fast processing of network traffic. Attack detection methods need to be based on light feature vectors that can be generated from encrypted network traffic and are easy to extract, process and analyze. So far experts have selected features based on their intuition and previous research works, but there is no general agreement about the features to use for attack detection in a broad scope. In this work we studied five lightweight feature sets recently proposed in the scientific literature. We compared and evaluated the selected vectors with supervised classification schemes.