Authors: Zyad Elkhadir; Mohammed Benattou
Addresses: LASTID Laboratory, Ibn Tofail University, Kenitra, Morocco ' LASTID Laboratory, Ibn Tofail University, Kenitra, Morocco
Abstract: Dealing with cyber threats, especially intrusion identification, is a critical area of research in the field of information assurance. The hackers employ polymorphic mechanisms to masquerade the attack payload and evade the detection techniques. Numerous feature extraction methods have been used to increase the efficacy of intrusion detection systems (IDSs) such as principal component analysis (PCA) and linear discriminant analysis (LDA). Nonetheless, the classical LDA approach that is based on the ℓ2-norm maximisation is very sensitive to outliers. As a solution to this weakness, the researchers proposed many LDA models which rely on ℓ1 and ℓp norms (p < 2). These variants gave satisfactory results in solving many pattern recognition problems. However, these LDA models have an important limitation. The class mean vectors employed are always estimated by the class sample averages. This approximation is not sufficient enough to represent the class mean, particularly in case there are samples that deviate from the rest of data (outliers). In this paper, we suggest to use the truncated mean to estimate the class mean vectors in ℓp-LDA model. Many experiments on KDDcup99 indicate the superiority of the ℓp-LDA over many LDA variants.
Keywords: linear discriminant analysis; LDA; truncated mean; network anomaly detection; KDDcup99.
International Journal of Information and Computer Security, 2021 Vol.16 No.3/4, pp.355 - 374
Received: 23 Aug 2018
Accepted: 18 Mar 2019
Published online: 15 Nov 2021 *