Class Dependent Feature Transformation for Intrusion Detection Systems

Most of intrusion detection systems use primary and raw input features which are extracted from network connection without any preprocessing on the extracted features. In this paper, we propose a new feature transformation method based on class dependent approach for improving the accuracy of intrusion detection systems. In usual class dependent feature transformation methods the mapping process is accomplished using different mapping matrices for different classes of thedataset. In these methods, there is a difference between the train and test phases. In the training phase of class-dependent methods, samples of each class is mapped only using the corresponding matrix, however, in the test phase, each sampleis mapped using all of the transformed matrices. This may lead to some mistakes in classification. In this paper we modify the train and test phases on class dependent methods and propose a new linear feature transformation method. Unlike the usual class-dependent methods, the training and test phases of the proposed method are very similar. This similarity aids the classifier to learn more about dataset samples and transformation process. The performance of our proposed method is evaluated using three different indices, namely mutual information, maximum relevancy minimum redundancy criteria, and classification accuracy. The proposed method was evaluated on a benchmark intrusion detection dataset (NSLKDD dataset). The experimental results demonstrate that applying the proposed feature transformation method leads to higher classification accuracy and makes the IDS more capable of distinguishing intruders from normal users