Identifying Intrusions in Computer Networks Using Robust Fuzzy PCA

It is well known that intrusion detection systems (IDS) are an effective way to detect malicious connections in a computer network. Different feature extraction techniques have been applied in the field of intrusion detection; the most common one is Principal Component Analysis (PCA). Nevertheless, PCA is restricted to linear principal components, is sensitive to noise, and can be easily affected by outliers. To deal with these drawbacks, many dimensionality reduction methods have been proposed, among them Robust Fuzzy PCA (RFPCA), which employs fuzzy memberships in order to reduce the effect of outliers. Unfortunately, even though RFPCA has shown satisfactory results, it still suffers from the influence of outliers. In fact, using an increasing function such as the exponential function in the estimation of memberships assigns large membership values to outliers; consequently, the obtained results can be skewed. In this paper, we suggest a new variant of the RFPCA method for the purpose of network IDS. Extensive experiments on two well-known datasets, KDDcup99 and NSL-KDD, demonstrate that the proposed approach has an advantage over RFPCA and PCA in terms of network attack detection and false alarm reduction.
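The outlier sensitivity described above can be seen on a small two-feature sample. This is an added example, not code from the paper: the data is constructed, and the decreasing membership rule u = 1/(1 + (e/eta)^(1/(m-1))), the values of `eta` and `m`, and all function names are assumptions for illustration, not the variant the paper proposes.

```python
import math

# Constructed sample: 21 "normal" records lying near the line y = x, plus 3 outliers.
NORMAL = [(t, t + (0.3 if t % 2 == 0 else -0.3)) for t in range(-10, 11)]
OUTLIERS = [(0, 20), (1, 22), (-1, 21)]
SAMPLE = NORMAL + OUTLIERS

def principal_axis(points, weights):
    """Return (angle in degrees, weighted mean) of the first principal axis in 2-D."""
    total = sum(weights)
    mx = sum(w * x for w, (x, _) in zip(weights, points)) / total
    my = sum(w * y for w, (_, y) in zip(weights, points)) / total
    sxx = sum(w * (x - mx) ** 2 for w, (x, _) in zip(weights, points))
    syy = sum(w * (y - my) ** 2 for w, (_, y) in zip(weights, points))
    sxy = sum(w * (x - mx) * (y - my) for w, (x, y) in zip(weights, points))
    # Closed form for the leading eigenvector of a 2x2 scatter matrix.
    return math.degrees(0.5 * math.atan2(2 * sxy, sxx - syy)), (mx, my)

def plain_pca_angle(points):
    return principal_axis(points, [1.0] * len(points))[0]

def fuzzy_pca_angle(points, eta=1.0, m=2.0, iters=25):
    """Alternate between fitting the axis and re-estimating fuzzy memberships."""
    weights = [1.0] * len(points)
    for _ in range(iters):
        angle, (mx, my) = principal_axis(points, weights)
        t = math.radians(angle)
        nx, ny = -math.sin(t), math.cos(t)  # unit normal to the current axis
        # Reconstruction error: squared distance from each point to the axis.
        errs = [((x - mx) * nx + (y - my) * ny) ** 2 for x, y in points]
        # Assumed membership rule: decreasing in the error, so outliers fade out.
        u = [1.0 / (1.0 + (e / eta) ** (1.0 / (m - 1.0))) for e in errs]
        weights = [ui ** m for ui in u]
    return principal_axis(points, weights)[0], u

if __name__ == "__main__":
    print("plain PCA axis (deg):", round(plain_pca_angle(SAMPLE), 2))
    print("fuzzy-weighted axis (deg):", round(fuzzy_pca_angle(SAMPLE)[0], 2))
```

The normal records follow a 45 degree axis; three outliers out of 24 records are enough to pull the plain PCA axis well away from it, while the membership-weighted fit recovers it.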
