Network Intrusion Detection Based on LDA for Payload Feature Selection
- IEEE Computer Society
- Publication Type:
- Conference Proceeding
- IEEE Globecom 2010 Workshop on Web and Pervasive Security (WPS 2010), 2010, pp. 1590 - 1594
- Issue Date:
Anomaly Intrusion Detection System (IDS) is a statistical based network IDS which can detect attack variants and nove attacks without a priori knowledge. Current anomaly IDSs are inefficient for real-time detection because of their complex computation. This paper proposes a novel approach to reduce the heavy computational cost of an anomaly IDS. Linear Discriminant Analysis (LDA) and difference distance map are used for selection of significant features. This approach is able to transform high-dimensional features. This approach is able to transform high-dimensional feature vectors into a low-dimensional domain. The similarity between new incoming packets and a normal profile is determined using Euclidean distance o the simple, low dimensional feature domain. The final decision will be made according to a pre-calculated threshold to diffferentiate normal and abnormal network packets. The proposed approach is evaluated using DARPA 1999 IDS dataset.
Please use this identifier to cite or link to this item: