TY - JOUR
T1 - Hybrid James-Stein and successive difference covariance matrix estimators based hotelling’s T2 chart for network anomaly detection using bootstrap
AU - Ahsan, Muhammad
AU - Mashuri, Muhammad
AU - Khusna, Hidayatul
N1 - Publisher Copyright:
© 2005 - ongoing JATIT & LLS.
PY - 2018/10/31
Y1 - 2018/10/31
N2 - Statistical process control (SPC) is one of the powerful statistical methods that continuously improve the manufacturing process. The advantage of using the method in network anomaly detection is that the technique does not need knowledge of previous intrusions. Hotelling's T2 is the most commonly used control chart for network intrusion detection. However, the Hotelling's T2 chart, which uses the conventional mean and covariance matrix, is sensitive to the presence of outliers. Therefore, the conventional method is not effective when implemented in an Intrusion Detection System. To overcome this problem, the Successive Difference Covariance Matrix (SDCM), which is one of the robust covariance matrix estimators, can be used to estimate the covariance matrix. Meanwhile, the James-Stein estimator can be adopted to estimate the mean vector of the Hotelling's T2 control chart. The bootstrap resampling method is used to obtain a more accurate control limit for the proposed chart. The combination of these estimators with the bootstrap resampling approach demonstrates better performance in monitoring network anomalies than the other control limit approaches on the training and testing datasets. In addition, the IDS based on the proposed chart performs better than the other existing charts in terms of its hit rate and FN rate criteria. The proposed method also outperforms some classifier methods.
KW - Bootstrap
KW - James-Stein
KW - Network anomaly detection
KW - Successive difference covariance matrix
KW - T control chart
UR - http://www.scopus.com/inward/record.url?scp=85056236137&partnerID=8YFLogxK
M3 - Article
AN - SCOPUS:85056236137
SN - 1992-8645
VL - 96
SP - 6828
EP - 6841
JO - Journal of Theoretical and Applied Information Technology
JF - Journal of Theoretical and Applied Information Technology
IS - 20
ER -