Title: A truncated mean ℓ_p-LDA approach for intrusion detection system

Authors: Zyad Elkhadir; Mohammed Benattou

Addresses: LASTID Laboratory, Ibn Tofail University, Kenitra, Morocco ' LASTID Laboratory, Ibn Tofail University, Kenitra, Morocco

Abstract: Dealing with cyber threats, especially intrusion identification, is a critical area of research in the field of information assurance. The hackers employ polymorphic mechanisms to masquerade the attack payload and evade the detection techniques. Numerous feature extraction methods have been used to increase the efficacy of intrusion detection systems (IDSs) such as principal component analysis (PCA) and linear discriminant analysis (LDA). Nonetheless, the classical LDA approach that is based on the ℓ₂-norm maximisation is very sensitive to outliers. As a solution to this weakness, the researchers proposed many LDA models which rely on ℓ₁ and ℓ_p norms (p < 2). These variants gave satisfactory results in solving many pattern recognition problems. However, these LDA models have an important limitation. The class mean vectors employed are always estimated by the class sample averages. This approximation is not sufficient enough to represent the class mean, particularly in case there are samples that deviate from the rest of data (outliers). In this paper, we suggest to use the truncated mean to estimate the class mean vectors in ℓ_p-LDA model. Many experiments on KDDcup99 indicate the superiority of the ℓ_p-LDA over many LDA variants.

Keywords: linear discriminant analysis; LDA; truncated mean; network anomaly detection; KDDcup99.

DOI: 10.1504/IJICS.2021.118957

International Journal of Information and Computer Security, 2021 Vol.16 No.3/4, pp.355 - 374

Received: 23 Aug 2018
Accepted: 18 Mar 2019
Published online: 15 Nov 2021 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article