Academic Journals Database
Disseminating quality controlled scientific knowledge

Category-Based Intrusion Detection Using PCA

Author(s): Gholam Reza Zargar | Tania Baghaie

Journal: Journal of Information Security
ISSN 2153-1234

Volume: 03;
Issue: 04;
Start page: 259;
Date: 2012;

Keywords: Intrusion Detection | Principal Components Analysis | Data Dimension Reduction | Feature Selection | Classification

ABSTRACT
Existing Intrusion Detection Systems (IDS) examine all the network features to detect intrusion or misuse patterns. In feature-based intrusion detection, some selected features may be found to be redundant, useless or less important than the rest. This paper proposes a category-based selection of effective parameters for intrusion detection using Principal Components Analysis (PCA). In this paper, 32 basic features from the TCP/IP header and 116 derived features from TCP dump are selected in a network traffic dataset. Attacks are categorized in four groups: Denial of Service (DoS), Remote to User attack (R2L), Remote to User attack (U2R) and Probing attack. TCP dump from the DARPA 1998 dataset is used in the experiments as the selected dataset. The PCA method is used to determine an optimal feature set to make the detection process faster. Experimental results show that feature reduction can improve the detection rate for the category-based detection approach while maintaining the detection accuracy within an acceptable range. In this paper, the KNN classification method is used for the classification of the attacks. Experimental results show that feature reduction will significantly speed up the training and testing periods for identification of the intrusion attempts.