Bootstrap and MRCD Estimators in Hotelling’s T2 Control Charts for Precise Intrusion Detection

Ichwanul Kahfi Prasetya, Muhammad Ahsan*, Muhammad Mashuri, Muhammad Hisyam Lee

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

Abstract

Intrusion detection systems (IDS) are crucial in safeguarding network security by identifying unauthorized access attempts through various techniques. Statistical Process Control (SPC), particularly Hotelling’s T2 control charts, is noted for monitoring network traffic against known attack patterns or anomaly detection. This research advances the domain by incorporating robust statistical estimators—namely, the Fast-MCD and MRCD (Minimum Regularized Covariance Determinant) estimators—into bootstrap-enhanced Hotelling’s T2 control charts. These enhanced charts aim to strengthen detection accuracy by offering improved resistance to outlier contamination, a prevalent challenge in intrusion detection. The methodology emphasizes the MRCD estimator’s robustness in overcoming the limitations of traditional T2 charts, especially in environments with a high incidence of outliers. Applying the proposed bootstrap-based robust T2 charts to the UNSW-NB15 dataset illustrates a marked enhancement in intrusion detection performance. Results indicate superior performance of the proposed method over conventional T2 and Fast-MCD-based T2 charts in detection accuracy, even in varied levels of outlier contamination. Despite increasing execution time, the precision and reliability in detecting intrusions present a justified trade-off. The findings underscore the significant potential of integrating robust statistical methods to enhance IDS effectiveness.

Original languageEnglish
Article number7948
JournalApplied Sciences (Switzerland)
Volume14
Issue number17
DOIs
Publication statusPublished - Sept 2024

Keywords

  • Hotelling’s T
  • MRCD
  • bootstrap
  • intrusion detection
  • multivariate control chart

Fingerprint

Dive into the research topics of 'Bootstrap and MRCD Estimators in Hotelling’s T2 Control Charts for Precise Intrusion Detection'. Together they form a unique fingerprint.

Cite this