Abstract:
Intrusion detection is a method designed to monitor the actions happening in a network and analyze them for suspicious patterns that may indicate a network or system violation by someone trying to penetrate and endanger the system. An Intrusion Detection System (IDS) is therefore software that is applied automatically as a procedure to stop the penetration and attacks of intruders. It is implemented using either signature recognition or anomaly detection methodologies. Most existing IDSs require a reduction technique to minimize irrelevant or redundant data features, which is necessary when network traffic has high dimensionality. The reduction technique is also known to make classification algorithms much more effective, while classification is what carries out the intrusion detection task in practice. Kernel Principal Component Analysis (KPCA) is recognized as a robustified reduction method relative to standard Principal Component Analysis (PCA) [34]. This research adopts an optimal anomaly detection method to detect multivariate attacks. It does so by measuring the performance of different KPCA functions as the reduction method applied to different classification algorithms, to find out which KPCA function works best with which algorithm. We show that KPCA methods do not always outperform standard PCA; the final detection performance in fact depends on the classification algorithm used. Experiments with the NSL-KDD data set demonstrate that the adopted method achieves a 98.048% detection rate and 98.261% precision with a 1.484% false positive rate, and consequently outperforms all the other methods. Moreover, the results prove that [PCA & K-Nearest Neighbor] outperforms [KPCA (Gaussian) & K-Nearest Neighbor] and [KPCA (Quadratic) & K-Nearest Neighbor]. In addition, [PCA & Discriminant Analysis] outperforms [KPCA (Quadratic) & Discriminant Analysis].