Encoding approach for intrusion detection using pca and knn classifier

Abstract

Intrusion detection is an evolving area of research in the field of cyber-security. Machine learning offers many best methodologies to help intrusion detection systems (IDSs) for accurately identifying intrusions. Such IDSs analyze the features of traffic packets to identify different types of attacks. While most of the features used in IDS are numeric, some of the features like Protocol-type, Flag and Service are categorical and hence calls for an effective encoding scheme for transforming the categorical features into numeric form before applying PCA like techniques for extracting latent features from numeric data. In this paper, the authors investigate the suitability of encoding categorical features based on the posterior probability of an attack conditioned on the feature in the context of IDS. KNN classifier is used for construction of IDS on top of latent features in numeric form. The proposed method is trained and tested on NSL-KDD data set to predict one among the possible 40 distinct class labels for a test instance. Classification accuracy and false positive rate (FPR) are considered as performance metrics. The results have shown that the proposed approach is good at detecting intrusions with an accuracy of 98.05% and a false alarm rate of 0.35%.