A computationally efficient dimensionality reduction and attack classification approach for network intrusion detection

An intrusion detection system (IDS) is a system that monitors network traffic for malicious activity and generates alerts. In anomaly-based detection, machine learning (ML) algorithms exploit various statistical and probabilistic methods to learn from past or historical experience and detect valuable patterns from large, unstructured, and complex datasets. ML-based network intrusion detection aims to identify malicious behavior and alert a system administrator when an intruder tries to penetrate the network. This paper deals with the study, strategic construction, and implementation of a network intrusion detection model based on ML methods. Among the available IDS datasets, five of the most relevant are chosen for the experimental analysis, which are NSL-KDD-2009, CIC-IDS2017, CIC-IDS2018, IoTID20, and UNSW-NB15 datasets. In order to reduce the computation time in the training sample and achieve computational complexity O(N2.38 +/-delta)\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$O(N<^>{2.38 \pm \delta })$$\end{document}, we propose a computationally efficient and feasible algorithmic framework for analyzing the network traffic data. The developed approach mainly consists of two phases, i.e., "Scatter Matrices and Eigenvalue Computation based feature Selection" and "Classification procedure for the reduced dimension data." Experimental evaluation of various test case scenarios for the chosen datasets is carried out in the simulation setting. It is observed that the test results outperform the existing intrusion detection methods for detecting certain attack categories.