A HYBRID METHOD FOR FEATURE DIMENSION REDUCTION IN INTRUSION DETECTION SYSTEMS

Authors

DOI:

https://doi.org/10.28925/2663-4023.2026.33.1284

Keywords:

intrusion detection systems, dimensionality reduction, Principal Component Analysis, Linear Discriminant Analysis, multicollinearity, NSL-KDD, CICIDS2017, cybersecurity, True Positive, False Positive.

Abstract

The paper addresses a pressing scientific and practical challenge: optimizing the feature space of network traffic to enhance the efficiency of intelligent Intrusion Detection Systems (IDS). Under the operational conditions of high-speed heterogeneous networks and stringent computational resource constraints of critical infrastructure facilities, the high dimensionality, sparsity, and multicollinearity of modern data stacks generate the "curse of dimensionality" effect. This leads to the overfitting of classification models and significant inference delays.

To overcome these limitations, a linear hybrid feature reduction methodology, PCA+LDA, is proposed, functioning as a two-stage pipelined filter. In the first stage, Principal Component Analysis (PCA) operates in an unsupervised mode, providing denoising, eliminating linear dependencies, and performing primary data compression without losing informative variance. In the second stage, supervised Linear Discriminant Analysis (LDA) projects the feature vector onto a subspace that maximizes the geometric separability between anomaly classes and legitimate traffic based on inter-class and intra-class variance.
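The two-stage filter described above can be sketched as follows; this is an added example, not the authors' code, and it shows why multicollinear features are compressed by PCA before LDA estimates class scatter. The data are constructed, and the function names, the 0.999 variance threshold and the nearest-centroid classifier are assumptions made for the illustration.

```python
import numpy as np

def pca_fit(X, var_keep=0.999):
    """Stage 1 (unsupervised): standardise, keep top components (threshold is an assumption)."""
    mu, sd = X.mean(0), X.std(0) + 1e-12
    vals, vecs = np.linalg.eigh(np.cov((X - mu) / sd, rowvar=False))
    order = np.argsort(vals)[::-1]
    vals, vecs = vals[order], vecs[:, order]
    k = int(np.searchsorted(np.cumsum(vals) / vals.sum(), var_keep) + 1)
    return mu, sd, vecs[:, :k]

def lda_fit(Z, y):
    """Stage 2 (supervised): directions maximising between-class over within-class scatter."""
    classes, mean = np.unique(y), Z.mean(0)
    Sw = np.zeros((Z.shape[1],) * 2)
    Sb = np.zeros_like(Sw)
    for c in classes:
        Zc = Z[y == c]
        d = Zc - Zc.mean(0)
        Sw += d.T @ d                      # within-class scatter
        m = (Zc.mean(0) - mean)[:, None]
        Sb += len(Zc) * (m @ m.T)          # between-class scatter
    vals, vecs = np.linalg.eig(np.linalg.solve(Sw, Sb))
    top = np.argsort(vals.real)[::-1][: len(classes) - 1]
    return vecs[:, top].real

def demo(seed=0):
    # Constructed data: 4 latent signals expanded to 12 collinear "flow features".
    rng = np.random.default_rng(seed)
    y = np.repeat([0, 1, 2], 200)          # 0 = benign, 1 and 2 = attack classes
    shift = np.array([[0, 0, 0, 0], [6, 0, 0, 0], [0, 6, 0, 0]], float)
    X = (rng.normal(size=(600, 4)) + shift[y]) @ rng.normal(size=(4, 12))
    train = np.arange(600) % 2 == 0        # fit on even rows, evaluate on odd rows
    mu, sd, P = pca_fit(X[train])
    Z = ((X - mu) / sd) @ P                # 12 features -> k decorrelated components
    W = lda_fit(Z[train], y[train])
    L = Z @ W                              # k components -> (classes - 1) dimensions
    cents = np.stack([L[train & (y == c)].mean(0) for c in range(3)])
    pred = np.argmin(((L[~train, None, :] - cents) ** 2).sum(-1), axis=1)
    raw_rank = int(np.linalg.matrix_rank(np.cov(X[train], rowvar=False), tol=1e-8))
    return {"n_in": X.shape[1], "raw_rank": raw_rank, "pca_k": P.shape[1],
            "lda_dims": L.shape[1], "acc": float((pred == y[~train]).mean())}

if __name__ == "__main__":
    print(demo())
```

On the raw 12 features the covariance matrix is rank-deficient, so the within-class scatter that LDA must invert is singular; after the PCA stage it is a small full-rank matrix.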

The validation of the methodology was carried out on the representative benchmark datasets NSL-KDD and CICIDS2017. It is mathematically proven that the hybrid approach provides extreme compression of the input feature vector (by a factor of 10 for NSL-KDD and nearly 14 for CICIDS2017), accompanied by an increase in the recognition accuracy of minority threats (U2R, R2L) and complex modern web attacks. The overall False Positive rate was reduced to record lows of ~0.45% and ~0.95%, respectively.

Due to the low computational complexity and the matrix nature of linear inference, the training time of classifiers was reduced to 4% of the baseline level. This makes the proposed approach suitable for integration into highly loaded nodes for real-time gigabit traffic filtering directly at the operating system kernel level or based on programmable network interface cards (SmartNIC).

Directions for future research have been identified, including the development of mechanisms to adapt the architecture to Concept Drift in dynamic network environments, as well as increasing model robustness against Adversarial Machine Learning attacks.

Published

2026-06-25

How to Cite

Kulko, A., & Toliupa, S. (2026). A HYBRID METHOD FOR FEATURE DIMENSION REDUCTION IN INTRUSION DETECTION SYSTEMS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 1(33), 774–790. https://doi.org/10.28925/2663-4023.2026.33.1284
