TY - JOUR
T1 - Comparing the performance of T2 chart based on PCA Mix, Kernel PCA Mix, and Mixed Kernel PCA for Network Anomaly Detection
AU - Mashuri, M.
AU - Ahsan, M.
AU - Kuswanto, H.
AU - Prastyo, D. D.
AU - Khusna, H.
AU - Wibawati,
N1 - Publisher Copyright:
© Published under licence by IOP Publishing Ltd.
PY - 2021/2/15
Y1 - 2021/2/15
AB - Statistical Process Control (SPC) is used not only to monitor the quality of manufacturing processes and services but also to detect intrusions in the network. Hotelling's T2 chart is the SPC method that has been widely developed for intrusion detection. However, in its application, the conventional Hotelling's T2 chart has several drawbacks, such as being less effective when used to monitor a large number of observations and quality characteristics. The conventional Hotelling's T2 chart does not perform well for non-Gaussian distributed data. Also, the current conventional control chart has not been able to monitor processes that have mixed quality characteristics. To overcome these weaknesses, two types of control chart are proposed in this study, namely, the multivariate control charts based on Principal Component Analysis (PCA) Mix and Kernel PCA. For the Kernel PCA chart, two schemes are developed, that is, the Kernel PCA Mix and Mixed Kernel PCA control charts. Kernel Density Estimation (KDE) is employed to estimate the control limits of the developed charts. To monitor network intrusion, the proposed control charts are applied to the well-known NSL-KDD dataset. The performance evaluation shows that the PCA Mix chart can detect attacks occurring on the network more accurately and faster than the Kernel PCA Mix and Mixed Kernel PCA charts.
KW - Hotelling's T2 Chart
KW - Kernel Density Estimation
KW - Kernel PCA
KW - Mixed Quality Characteristics
KW - PCA Mix
UR - http://www.scopus.com/inward/record.url?scp=85101737240&partnerID=8YFLogxK
U2 - 10.1088/1742-6596/1752/1/012008
DO - 10.1088/1742-6596/1752/1/012008
M3 - Conference article
AN - SCOPUS:85101737240
SN - 1742-6588
VL - 1752
JO - Journal of Physics: Conference Series
JF - Journal of Physics: Conference Series
IS - 1
M1 - 012008
T2 - 3rd International Conference on Statistics, Mathematics, Teaching, and Research 2019, ICSMTR 2019
Y2 - 9 October 2019 through 10 October 2019
ER -