Category-Based Intrusion Detection Using PCA

PP. 259-271
DOI: 10.4236/jis.2012.34033

ABSTRACT

Existing Intrusion Detection Systems (IDS) examine all the network features to detect intrusion or misuse patterns. In feature-based intrusion detection, some selected features may be found to be redundant, useless or less important than the rest. This paper proposes a category-based selection of effective parameters for intrusion detection using Principal Components Analysis (PCA). In this paper, 32 basic features from the TCP/IP header and 116 derived features from TCP dump are selected in a network traffic dataset. Attacks are categorized into four groups: Denial of Service (DoS), Remote to User attack (R2L), User to Root attack (U2R) and Probing attack. TCP dump from the DARPA 1998 dataset is used in the experiments as the selected dataset. The PCA method is used to determine an optimal feature set to make the detection process faster. Experimental results show that feature reduction can improve the detection rate for the category-based detection approach while maintaining the detection accuracy within an acceptable range. In this paper, the KNN classification method is used for the classification of the attacks. Experimental results show that feature reduction will significantly speed up the training and testing periods for identification of the intrusion attempts.

Share and Cite:

G. Reza Zargar and T. Baghaie, "Category-Based Intrusion Detection Using PCA," Journal of Information Security, Vol. 3 No. 4, 2012, pp. 259-271. doi: 10.4236/jis.2012.34033.

Copyright © 2024 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.