Category-Based Intrusion Detection Using PCA

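Authors: Gholam Reza Zargar, Tania Baghaie

Author affiliations: GIS Department, Khuzestan Electrical Power Distributed Company, Ahvaz, Iran; Training Center of Applied Science and Technology, Tehran Municipality Information and Communication Technology Organization, Tehran, Iran

Publication: Journal of Information Security (Information Security, English)

Year, volume, issue: 2012, Vol. 3, No. 4

Pages: 259-271

Subject classification: 081203 [Engineering - Computer Application Technology]; 08 [Engineering]; 0835 [Engineering - Software Engineering]; 0812 [Engineering - Computer Science and Technology (engineering or science degrees may be conferred)]

Subjects: Intrusion Detection; Principal Components Analysis; Data Dimension Reduction; Feature Selection; Classification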

Abstract: Existing Intrusion Detection Systems (IDS) examine all the network features to detect intrusion or misuse patterns. In feature-based intrusion detection, some selected features may be found to be redundant, useless or less important than the rest. This paper proposes a category-based selection of effective parameters for intrusion detection using Principal Components Analysis (PCA). In this paper, 32 basic features from the TCP/IP header, and 116 derived features from TCP dump are selected in a network traffic dataset. Attacks are categorized in four groups, Denial of Service (DoS), Remote to User attack (R2L), Remote to User attack (U2R) and Probing attack. TCP dump from the DARPA 1998 dataset is used in the experiments as the selected dataset. The PCA method is used to determine an optimal feature set to make the detection process faster. Experimental results show that feature reduction can improve detection rate for the category-based detection approach while maintaining the detection accuracy within an acceptable range. In this paper the KNN classification method is used for the classification of the attacks. Experimental results show that feature reduction will significantly speed up the training and testing periods for identification of the intrusion attempts.