Intrusion Detection Systems using Linear Discriminant Analysis and Logistic Regression

Anomaly based Intrusion Detection System (IDS) identifies intrusion by training itself to recognize acceptable behavior of the network. It then raises an alarm whenever any anomalous network behaviors outside the boundaries of its training sets are observed. However, anomaly based IDS are usually prone to high false positive rate due to difficulties involved in defining normal and abnormal network traffic patterns. In this paper, we employ two different statistical methods viz. Linear Discriminant Analysis (LDA) and Logistic Regression (LR) to develop new anomaly based IDS models. We then evaluate the performance of these IDS models on the benchmark NSL-KDD data set and analyze their performance against other IDS models based on Naive Bayes, C4.5 and Support Vector Machine (SVM). Experimental results show that the performance (Accuracy and Detection Rate) of both the LDA and the LR based models are at par and in some cases even better than other IDS models. Moreover, unlike the IDS model based on complex method like the SVM, the proposed LDA and LR based IDS models are computationally more efficient, which makes them more suited for deployment in real time network monitoring and intrusion detection analysis.

[1]  Rodrigo Roman,et al.  On the Vital Areas of Intrusion Detection Systems in Wireless Sensor Networks , 2013, IEEE Communications Surveys & Tutorials.

[2]  Deokjai Choi,et al.  Application of Data Mining to Network Intrusion Detection: Classifier Selection Model , 2008, APNOMS.

[3]  Nong Ye,et al.  A Markov Chain Model of Temporal Behavior for Anomaly Detection , 2000 .

[4]  Ali A. Ghorbani,et al.  Network intrusion detection using an improved competitive learning neural network , 2004, Proceedings. Second Annual Conference on Communication Networks and Services Research, 2004..

[5]  Neelam Sharma,et al.  INTRUSION DETECTION USING NAIVE BAYES CLASSIFIER WITH FEATURE REDUCTION , 2012 .

[6]  Salvatore J. Stolfo,et al.  Spectrogram: A Mixture-of-Markov-Chains Model for Anomaly Detection in Web Traffic , 2009, NDSS.

[7]  Ashraf Darwish,et al.  Principle components analysis and Support Vector Machine based Intrusion Detection System , 2010, 2010 10th International Conference on Intelligent Systems Design and Applications.

[8]  Khaled Labib,et al.  NSOM: A Real-Time Network-Based Intrusion Detection System Using Self-Organizing Maps , 2002 .

[9]  Ali A. Ghorbani,et al.  A detailed analysis of the KDD CUP 99 data set , 2009, 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications.

[10]  M.I. Heywood,et al.  Host-based intrusion detection using self-organizing maps , 2002, Proceedings of the 2002 International Joint Conference on Neural Networks. IJCNN'02 (Cat. No.02CH37290).

[11]  Luigi Coppolino,et al.  Applying Data Mining Techniques to Intrusion Detection in Wireless Sensor Networks , 2013, 2013 Eighth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing.

[12]  Ian H. Witten,et al.  Data mining: practical machine learning tools and techniques, 3rd Edition , 1999 .

[13]  Ian H. Witten,et al.  Data mining - practical machine learning tools and techniques, Second Edition , 2005, The Morgan Kaufmann series in data management systems.

[14]  Kien A. Hua,et al.  Decision tree classifier for network intrusion detection with GA-based feature selection , 2005, ACM Southeast Regional Conference.

[15]  Han Wu,et al.  Anomaly intrusion detection based upon data mining techniques and fuzzy logic , 2012, 2012 IEEE International Conference on Systems, Man, and Cybernetics (SMC).