Category-Based Intrusion Detection Using PCA

Gholam Reza Zargar, Tania Baghaie
2012 Journal of Information Security  
Existing Intrusion Detection Systems (IDS) examine all the network features to detect intrusion or misuse patterns. In feature-based intrusion detection, some selected features may found to be redundant, useless or less important than the rest. This paper proposes a category-based selection of effective parameters for intrusion detection using Principal Components Analysis (PCA). In this paper, 32 basic features from TCP/IP header, and 116 derived features from TCP dump are selected in a
more » ... elected in a network traffic dataset. Attacks are categorized in four groups, Denial of Service (DoS), Remote to User attack (R2L), Remote to User attack (U2R) and Probing attack. TCP dump from DARPA 1998 dataset is used in the experiments as the selected dataset. PCA method is used to determine an optimal feature set to make the detection process faster. Experimental results show that feature reduction can improve detection rate for the category-based detection approach while maintaining the detection accuracy within an acceptable range. In this paper KNN classification method is used for the classification of the attacks. Experimental results show that feature reduction will significantly speed up the train and the testing periods for identification of the intrusion attempts.
doi:10.4236/jis.2012.34033 fatcat:nhhpsfsbyfcofauo4jeqzcbgqe