PKRIDS: A Real-Time Hybrid Host-Based Intrusion Detection System Using PCAmix, Kernel PCA, and Random Forest
Keywords:
Host-based Intrusion Detection System (HIDS), PCAmix, Kernel PCA, Random Forest, Real-Time Monitoring, Streamlit, Anomaly Detection.
Abstract
The increasing sophistication of cyber-attacks requires state-of-the-art intrusion detection systems (IDS) that can dynamically handle high-dimensional, mixed-type system data in real time [17]. In this paper, we propose the PCAmix-KPCA and Random Forest Intrusion Detection System (PKRIDS), a real-time host-based IDS (HIDS) that combines PCAmix to transform mixed numerical and categorical features, Kernel PCA (KPCA) for nonlinear principal component projection, and a Random Forest classifier for robust anomaly detection. PKRIDS continuously monitors system-level metrics such as CPU usage, memory consumption, login activity, and network behavior through a modular data pipeline. The analysed features are transformed, and the resulting anomaly scores are evaluated dynamically using the 3-sigma statistical thresholding rule. Built in Python and deployed with Streamlit, PKRIDS offers an interactive dashboard for real-time monitoring, alerting, manual model retraining, and data export. On benchmark datasets (NSL-KDD and TON_IoT) and in a real Windows environment, PKRIDS demonstrated accuracy of more than 98%, F1-scores above 0.95, false positive rates of Its modular design and real-time adaptivity make PKRIDS a viable solution for advanced, scalable host-level cybersecurity.
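The dynamic 3-sigma thresholding of anomaly scores described in the abstract, as an added example (not the PKRIDS authors' code). The window size, warm-up length, standard-deviation floor, the choice to keep flagged scores out of the baseline, and the sample scores are all assumptions made for illustration.

```python
import math
from collections import deque


class ThreeSigmaThreshold:
    """Rolling 3-sigma rule over a stream of anomaly scores.

    Assumptions (not from the paper): window size, warm-up length, the
    std floor, and excluding flagged scores from the baseline.
    """

    def __init__(self, window=60, warmup=10, k=3.0, min_std=1e-6):
        self.scores = deque(maxlen=window)  # recent scores judged normal
        self.warmup = warmup
        self.k = k
        self.min_std = min_std  # floor so a flat baseline ignores float noise

    def threshold(self):
        """Return mean + k*std of the baseline, or None during warm-up."""
        n = len(self.scores)
        if n < self.warmup:
            return None
        mean = sum(self.scores) / n
        var = sum((s - mean) ** 2 for s in self.scores) / (n - 1)
        return mean + self.k * max(math.sqrt(var), self.min_std)

    def update(self, score):
        """Classify one score; return (is_anomaly, threshold_used)."""
        limit = self.threshold()
        is_anomaly = limit is not None and score > limit
        if not is_anomaly:
            self.scores.append(score)  # only normal scores move the baseline
        return is_anomaly, limit


def detect(stream, **kwargs):
    """Return the indices of scores flagged as anomalous."""
    det = ThreeSigmaThreshold(**kwargs)
    return [i for i, s in enumerate(stream) if det.update(s)[0]]


# Constructed sample: per-interval anomaly scores for a quiet host,
# with a two-sample burst at positions 14 and 15.
SAMPLE = [0.05, 0.07, 0.04, 0.06, 0.05, 0.08, 0.06, 0.05, 0.07, 0.04,
          0.06, 0.05, 0.07, 0.06, 0.91, 0.88, 0.06, 0.05]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

Because flagged scores never enter the baseline, the threshold stays near the host's normal level while a burst is in progress; a sustained legitimate shift in load would need retraining or a baseline reset to stop alerting.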