230 Int. J. Security and Networks, Vol. 12, No. 4, 2017 Copyright © 2017 Inderscience Enterprises Ltd. Intrusion detection systems using a hybrid SVD-based feature extraction method Jamal Ghasemi* Faculty of Engineering and Technology, University of Mazandaran, Babolsar, 4741613534, Iran Email: j.ghasemi@umz.ac.ir *Corresponding author Jamal Esmaily Department of Computer Engineering, Shahid Rajaee Teacher Training University, Tehran, 1678815811, Iran Email: esmaily.jamal@gmail.com Abstract: Intrusion detection systems (IDSs) are able to diagnose network anomalies with the help of machine learning techniques. This paper presents a novel singular value decomposition (SVD)-based method that creates a new feature, which is applied to an IDS. The main goal is to build an effective model on datasets, which have the least possible number of features. Using the least possible number of features is inevitable in case of improving the efficiency and de-escalating the effect of curse of dimensionality in datasets with large number of features. The proposed method combines the SVD method with four classification algorithms; decision tree, Naïve Bayes, neural networks and SVM, to obtain a high accuracy in anomaly detection. This method is applied on the KDD CUP 99 and NSL_KDD datasets. Results of simulations indicate that the proposed method provides a considerable improvement in accuracy, compared with ordinary feature selection methods. Keywords: IDSs; intrusion detection systems; machine learning; classification; SVD; singular value decomposition. Reference to this paper should be made as follows: Ghasemi, J. and Esmaily, J. (2017) ‘Intrusion detection systems using a hybrid SVD-based feature extraction method’, Int. J. Security and Networks, Vol. 12, No. 4, pp.230–240. Biographical notes: Jamal Ghasemi received his MSc and PhD from the Department of Electric and Computer Engineering, University of Mazandaran, Babolsar, Iran, in 2008 and 2012, respectively. Now, he is an Assistant Professor in the University of Mazandaran, Babolsar, Iran. His research interests are mainly focused on the fuzzy and Dempster-Shafer theory, image and signal processing, pattern recognition and optimisation algorithms. He has authored more than 30 research papers and conference proceedings in the mentioned fields. Jamal Esmaily received his BS from the Department of Electric and Computer Engineering, Isfahan University of Technology, Isfahan, Iran, in 2014. He is an MS student at Shahid Rajaee Teacher Training University. His research interest is focused on intelligence system area. 1 Introduction In recent years, a growing number of different internet attacks have occurred all over the world. Business industries and individual users need to make sure of security of their confidential information across the networks. Considering the financial and security damages of such attacks, it is vital to use effective methods to minimise the effects of such damages, which are caused by hackers and intruders. The necessity of using IDSs is that the firewall systems alone are not sufficient to protect a network from various types of network attacks since they cannot defend the network against hacking attacks on open ports. For better performance, an IDS is usually applied alongside the firewall. These systems are able to use machine learning and data mining techniques to detect anomalies by implementing classification algorithms. There are already some suitable methods like snort, which are able to help the firewall in diagnosing attacks. In general, methods like snort have appropriate performance because of their predefined rules. These rules would be defined by experts who acquired their knowledge from defined samples. On the other hand, in machine learning systems, we try to apply earned