A Gaussian Distribution-based Lightweight Intrusion Detection Model

The important parts of building a lightweight intrusion detection model include selecting informative features and designing efficient classification process. In this paper, we propose a novel Gaussian distribution-based lightweight intrusion detection (GDLID) model, which combines a Gaussian distribution filtering model with a particular machine learning algorithm. Initially, feature selection with information gain is performed to find out the features with the most discriminative information, and 2 features are selected for our model. Then, we build a Gaussian distribution describing normal data and carry out a threshold selection algorithm to establish our Gaussian distribution filtering model which distinguishes outliers, uncertain data and normal data. Finally, we incorporate 5 well-known machine learning algorithms respectively into our model to classify the uncertain data. Experimental results show that our GD-LID model has very similar accuracy rate compared with using the 5 machine learning algorithms directly, but it can filter 43.05% of total network traffic data with only 2 features.