TY - JOUR
T1 - Intrusion detection system using multivariate control chart Hotelling's T2 based on PCA
AU - Ahsan, Muhammad
AU - Mashuri, Muhammad
AU - Kuswanto, Heri
AU - Prastyo, Dedy Dwi
N1 - Publisher Copyright:
© International Journal on Advanced Science Engineering Information Technology.
PY - 2018
Y1 - 2018
N2 - Statistical Process Control (SPC) has been widely used in industry and services. The SPC can be applied not only to monitor manufacture processes but also can be applied to the Intrusion Detection System (IDS). In network monitoring and intrusion detection, SPC can be a powerful tool to ensure system security and stability in a network. Theoretically, Hotelling's T2 chart can be used in intrusion detection. However, there are two reasons why the chart is not suitable to be used. First, the intrusion detection data involves large volumes of high-dimensional process data. Second, intrusion detection requires a fast computational process so an intrusion can be detected as soon as possible. To overcome the problems caused by large number of quality characteristics, Principal Component Analysis (PCA) can be used. The PCA can reduce not only the dimension leading a faster computational, but also can eliminate the multicollinearity (among characteristic variables) problem. This paper is focused on the usage of multivariate control chart T2 based on PCA for IDS. KDD99 dataset is used to evaluate the performance of the proposed method. Furthermore, the performance of T2 based PCA will be compared with conventional T2 control chart. The empirical results of this research show that the multivariate control chart using Hotelling's T2 based on PCA has excellent performance to detect anomaly in network. Compared to conventional T2 control chart, the T2 based on PCA has similar performance with 97 percent hit rate. It also requires shorter computation time.
AB - Statistical Process Control (SPC) has been widely used in industry and services. The SPC can be applied not only to monitor manufacture processes but also can be applied to the Intrusion Detection System (IDS). In network monitoring and intrusion detection, SPC can be a powerful tool to ensure system security and stability in a network. Theoretically, Hotelling's T2 chart can be used in intrusion detection. However, there are two reasons why the chart is not suitable to be used. First, the intrusion detection data involves large volumes of high-dimensional process data. Second, intrusion detection requires a fast computational process so an intrusion can be detected as soon as possible. To overcome the problems caused by large number of quality characteristics, Principal Component Analysis (PCA) can be used. The PCA can reduce not only the dimension leading a faster computational, but also can eliminate the multicollinearity (among characteristic variables) problem. This paper is focused on the usage of multivariate control chart T2 based on PCA for IDS. KDD99 dataset is used to evaluate the performance of the proposed method. Furthermore, the performance of T2 based PCA will be compared with conventional T2 control chart. The empirical results of this research show that the multivariate control chart using Hotelling's T2 based on PCA has excellent performance to detect anomaly in network. Compared to conventional T2 control chart, the T2 based on PCA has similar performance with 97 percent hit rate. It also requires shorter computation time.
KW - Hotelling's T
KW - Intrusion detection
KW - Multivariate control chart
KW - PCA
UR - http://www.scopus.com/inward/record.url?scp=85056211747&partnerID=8YFLogxK
U2 - 10.18517/ijaseit.8.5.3421
DO - 10.18517/ijaseit.8.5.3421
M3 - Article
AN - SCOPUS:85056211747
SN - 2088-5334
VL - 8
SP - 1905
EP - 1911
JO - International Journal on Advanced Science, Engineering and Information Technology
JF - International Journal on Advanced Science, Engineering and Information Technology
IS - 5
ER -