Network Intrusion Detection Based on LDA for Payload Feature Selection

Publisher: IEEE Computer Society
Publication Type: Conference Proceeding
Citation: IEEE Globecom 2010 Workshop on Web and Pervasive Security (WPS 2010), 2010, pp. 1590 - 1594
Issue Date: 2010-01
An anomaly Intrusion Detection System (IDS) is a statistical-based network IDS which can detect attack variants and novel attacks without a priori knowledge. Current anomaly IDSs are inefficient for real-time detection because of their complex computation. This paper proposes a novel approach to reduce the heavy computational cost of an anomaly IDS. Linear Discriminant Analysis (LDA) and difference distance map are used for selection of significant features. This approach is able to transform high-dimensional feature vectors into a low-dimensional domain. The similarity between new incoming packets and a normal profile is determined using Euclidean distance on the simple, low-dimensional feature domain. The final decision will be made according to a pre-calculated threshold to differentiate normal and abnormal network packets. The proposed approach is evaluated using the DARPA 1999 IDS dataset.