Improving performance of network scanning detection through PCA-based feature selection

Transformation of the initial feature in NSL-KDD dataset based on principal component analysis (PCA), generates the new features in smaller dimension. In that dimension, network scanning (Ra-Probe) has a characteristic sign of the average value that is different from the normal activity. The selection used the characteristics of these factors result in two-dimensional subset of the 75% rate reduction. Detection performance testing using a multilayer perceptron (MLP) showed that Subset1 in which there are factors that represent SYN error and REJ error when connecting to the same IP and destination port and connections to the same IP on different services, the data byte sent from the IP source when that connection, and control files show a better performance. The measure of the performance based on the value of precision, recall, F-measure, false negative, and the area under the ROC curve. In the false positive rate of up to 2.5%, ROC curve shows the level of detection using MLP, Subset1 better than the initial feature.