Network intrusion detection based on LDA for payload feature selection

Anomaly Intrusion Detection System (IDS) is a statistical based network IDS which can detect attack variants and novel attacks without a priori knowledge. Current anomaly IDSs are inefficient for real-time detection because of their complex computation. This paper proposes a novel approach to reduce the heavy computational cost of an anomaly IDS. Linear Discriminant Analysis (LDA) and difference distance map are used for selection of significant features. This approach is able to transform high-dimensional feature vectors into a low-dimensional domain. The similarity between new incoming packets and a normal profile is determined using Euclidean distance on the simple, low-dimensional feature domain. The final decision will be made according to a pre-calculated threshold to differentiate normal and abnormal network packets. The proposed approach is evaluated using DARPA 1999 IDS dataset. ©2010 IEEE

A New Incremental Decision Tree Learning for Cyber Security based on ILDA and Mahalanobis Distance

A cyber-attack detection is currently essential for computer network protection. The fundamentals of protection are to detect cyber-attack effectively with the ability to combat it in various ways and with constant data learning such as internet traffic. With these functions, each cyber-attack can be memorized and protected effectively any time. This research will present procedures for a cyber-attack detection system Incremental Decision Tree Learning (IDTL) that use the principle through Incremental Linear Discriminant Analysis (ILDA) together with Mahalanobis distance for classification of the hierarchical tree by reducing data features that enhance classification of a variety of malicious data. The proposed model can learn a new incoming datum without involving the previous learned data and discard this datum after being learned. The results of the experiments revealed that the proposed method can improve classification accuracy as compare with other methods. They showed the highest accuracy when compared to other methods. If comparing with the effectiveness of each class, it was found that the proposed method can classify both intrusion datasets and other datasets efficiently