Intrusion Detection Systems using Linear Discriminant Analysis and Logistic Regression

Anomaly based Intrusion Detection System (IDS) identifies intrusion by training itself to recognize acceptable behavior of the network. It then raises an alarm whenever any anomalous network behaviors outside the boundaries of its training sets are observed. However, anomaly based IDS are usually prone to high false positive rate due to difficulties involved in defining normal and abnormal network traffic patterns. In this paper, we employ two different statistical methods viz. Linear Discriminant Analysis (LDA) and Logistic Regression (LR) to develop new anomaly based IDS models. We then evaluate the performance of these IDS models on the benchmark NSL-KDD data set and analyze their performance against other IDS models based on Naive Bayes, C4.5 and Support Vector Machine (SVM). Experimental results show that the performance (Accuracy and Detection Rate) of both the LDA and the LR based models are at par and in some cases even better than other IDS models. Moreover, unlike the IDS model based on complex method like the SVM, the proposed LDA and LR based IDS models are computationally more efficient, which makes them more suited for deployment in real time network monitoring and intrusion detection analysis.