Network intrusion detection system using L1-norm PCA

The rapid evolution of information and communication technologies leads to a big networks security problem. For this reason, the Intrusion Detection System (IDS) has been developed in order to detect and prevent computer network attacks. However, the majority of IDSs operate on huge network traffic data with many useless and redundant features. Consequently, the IDS generates a lot of false alarms and the intrusion detection process becomes difficult and imprecise. To improve the performance of an IDS, many data dimensionality reduction methods, such as Principal Component Analysis (PCA), have been proposed. However, the classical PCA approach, that is based on the covariance matrix of the data, is very sensitive to outliers. In order to overcome this problem, we propose to introduce a new variant of PCA namely L1-norm PCA. This new method is based on the L1-norm maximization, which is more robust to outliers, instead of the Euclidean norm in the classical PCA. Extensive experiments on the well-known KDDcup99 dataset are exploited for testing the effectiveness of the proposed approach. Obtained results confirm the superiority of L1-norm PCA over the traditional PCA in terms of network attacks detection and false alarms reduction.