Abstract

Statistical Process Control (SPC) has been widely used in industry and services. The SPC can be applied not only to monitor manufacture processes but also can be applied to the Intrusion Detection System (IDS). In network monitoring and intrusion detection, SPC can be a powerful tool to ensure system security and stability in a network. Theoretically, Hotelling's T2 chart can be used in intrusion detection. However, there are two reasons why the chart is not suitable to be used. First, the intrusion detection data involves large volumes of high-dimensional process data. Second, intrusion detection requires a fast computational process so an intrusion can be detected as soon as possible. To overcome the problems caused by large number of quality characteristics, Principal Component Analysis (PCA) can be used. The PCA can reduce not only the dimension leading a faster computational, but also can eliminate the multicollinearity (among characteristic variables) problem. This paper is focused on the usage of multivariate control chart T2 based on PCA for IDS. KDD99 dataset is used to evaluate the performance of the proposed method. Furthermore, the performance of T2 based PCA will be compared with conventional T2 control chart. The empirical results of this research show that the multivariate control chart using Hotelling's T2 based on PCA has excellent performance to detect anomaly in network. Compared to conventional T2 control chart, the T2 based on PCA has similar performance with 97 percent hit rate. It also requires shorter computation time.

Original languageEnglish
Pages (from-to)1905-1911
Number of pages7
JournalInternational Journal on Advanced Science, Engineering and Information Technology
Volume8
Issue number5
DOIs
Publication statusPublished - 2018

Keywords

  • Hotelling's T
  • Intrusion detection
  • Multivariate control chart
  • PCA

Fingerprint

Dive into the research topics of 'Intrusion detection system using multivariate control chart Hotelling's T2 based on PCA'. Together they form a unique fingerprint.

Cite this