Intrusion Detection System Using PCA and Kernel PCA Methods

The network traffic data used to build an intrusion detection system is frequently enormous and redundant with important useless information which decreases IDS efficiency. In order to overcome this problem, we have to reduce as much as possible this meaningless information from the original high dimensional data. To do this, we have compared the performance of two features reduction techniques namely, Principal Component Analysis (PCA) and Kernel Principal Component Analysis (KPCA). After the step of dimension reduction, data samples are classified using k nearest neighbor (K-NN) or decision tree algorithm in order to check whether these samples are normal or anomalous network connection. In this paper, the two well-known KDDcup99 and NSL-KDD databases have been used for testing the proposed approaches. Experimental results show that KPCA with the power kernel performs better than many other types of kernels, especially once we have used the KNN classifier. Additionally, we have noted that KPCA method also overcomes PCA in detecting denial of service (DOS) and probing attacks. Lastly, when we have employed a decision tree classifier, KPCA with the spherical kernel takes the advantage over the same kernels used with KNN.