Skip to main content

Research Repository

Advanced Search

RePIDS: A multi tier Real-time Payload-based Intrusion Detection System

Jamdagni, Aruna; Tan, Zhiyuan; He, Xiangjian; Nanda, Priyadarsi; Liu, Ren Ping


Aruna Jamdagni

Xiangjian He

Priyadarsi Nanda

Ren Ping Liu


Intrusion Detection System (IDS) deals with huge amount of network traffic and uses large feature set to discriminate normal pattern and intrusive pattern. However, most of existing systems lack the ability to process data for real-time anomaly detection. In this paper, we propose a 3-Tier Iterative Feature Selection Engine (IFSEng) for feature subspace selection. Principal Component Analysis (PCA) technique is used for the pre-processing of data. Mahalanobis Distance Map (MDM) is used to discover hidden correlations between the features and between the packets. We also propose a novel Real-time Payload-based Intrusion Detection System (RePIDS) that integrates a 3-Tier IFSEng and the MDM approach. Mahalanobis Distance (MD) dissimilarity criterion is used to classify each packet as either a normal or an attack packet.

The effectiveness of the proposed RePIDS is evaluated using DARPA 99 dataset and Georgia Institute of Technology attack dataset. The traffic for Web-based application is considered for validating our model. F-value, a criterion, is used to evaluate the detection performance of RePIDS. Experimental results show that RePIDS achieves better performance (high F-values, 0.9958 for DARPA 99 dataset and 0.976 for Georgia Institute of Technology attack dataset respectively, with only 0.85% false alarm rate) and lower computational complexity when compared against two state-of-the-art payload-based intrusion detection systems. Additionally, it has 1.3 time higher throughput in comparison with real scenario of medium sized enterprise network


Jamdagni, A., Tan, Z., He, X., Nanda, P., & Liu, R. P. (2013). RePIDS: A multi tier Real-time Payload-based Intrusion Detection System. Computer Networks, 57(3), 811-824.

Journal Article Type Article
Acceptance Date Oct 7, 2012
Online Publication Date Oct 25, 2012
Publication Date 2013-02
Deposit Date Nov 30, 2016
Journal Computer Networks
Print ISSN 1389-1286
Publisher Elsevier
Peer Reviewed Peer Reviewed
Volume 57
Issue 3
Pages 811-824
Keywords Intrusion detection; Data pre-processing; Principal component analysis; Mahalanobis Distance Map; Principal components; Iterative feature selection
Public URL