**6. Feature optimization using canonical correlation analysis**

The preprocessed set of network transactions are partitioned based on its labeling ("normal" transactions as one set, "DoS" transactions as the other set and similar other range of sets). Unique values of each feature value set *fi v NTS* ð Þ in the resultant normal transactions set (NTS) and its percentage of coverage are:

$$f\_i v = \left\{ f\_i(v\_1, c\_1), f\_i(v\_2, c\_2), f\_i(v\_3, c\_3), f\_i(v\_4, c\_4), \dots, \dots, \dots, f\_i(v\_j, c\_j) \right\} \tag{1}$$

The procedure for feature optimization for each attack *Ak* is as follows:


*fi* ð Þ *Ak* can be considered as optimal toward assessing the scale of intrusion scope.

It is imperative from the implementation of the above procedure that optimal features of a specific attack *Ak* can be identified. Further, the optimal features are ordered using the canonical correlation values. The values with lower than threshold are considered as optional set of features. Reducing the features leads to lesser computational complexities to the minimal level. The optimal features shall be used for further assessing the impact scale intrusion of type *Ak*.
