computer system or network and analyse the monitoring results to find signs of intrusion. The multivariate control chart most often used in intrusion detection systems is Hotelling's T². In this study, the performance of the Hotelling's T² chart for intrusion detection is improved by using the successive difference covariance matrix to estimate the covariance matrix and the James-Stein estimator to estimate the mean vector. The control limits of the proposed chart are calculated using kernel density estimation. The proposed method, a T² chart with a control limit based on kernel density estimation, outperforms the other control chart approaches on both the training and testing datasets.
- Intrusion detection
- James-Stein estimator
- Kernel density estimation
- Successive difference covariance matrix
- T² control chart
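The pipeline the abstract describes, as an added Python sketch that is not the authors' code: a successive difference covariance matrix, a James-Stein mean, per-record T² and a control limit taken as a quantile of a Gaussian kernel density estimate. The textbook forms of each estimator, the origin as shrinkage target, Silverman's bandwidth, alpha = 0.01 and the three-feature training data are all assumptions or constructed values, not taken from the study.

```python
import math, random

def solve(A, b):
    """Solve A x = b by Gauss-Jordan elimination with partial pivoting."""
    n = len(b)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(n):
            if r != c:
                f = M[r][c] / M[c][c]
                M[r] = [a - f * e for a, e in zip(M[r], M[c])]
    return [M[i][n] / M[i][i] for i in range(n)]

def quad(v, S):  # quadratic form v^T S^-1 v
    return sum(a * b for a, b in zip(v, solve(S, v)))

def sdcm(X):
    """Successive difference covariance: sum(d d^T) / (2(n-1)), d = x[i+1] - x[i]."""
    n, p = len(X), len(X[0])
    D = [[b - a for a, b in zip(X[i], X[i + 1])] for i in range(n - 1)]
    return [[sum(d[j] * d[k] for d in D) / (2 * (n - 1)) for k in range(p)] for j in range(p)]

def james_stein_mean(X, S, target=None):
    """Positive-part James-Stein shrinkage of the sample mean toward target (needs p >= 3)."""
    n, p = len(X), len(X[0])
    nu = target or [0.0] * p          # shrinkage target is an assumption (origin)
    d = [sum(col) / n - t for col, t in zip(zip(*X), nu)]
    q = n * quad(d, S)
    shrink = max(0.0, 1 - (p - 2) / q) if q > 0 else 0.0
    return [t + shrink * di for t, di in zip(nu, d)]

def t2(x, mu, S):  # Hotelling's T2 statistic of one observation
    return quad([a - b for a, b in zip(x, mu)], S)

def kde_limit(stats, alpha=0.01):
    """Upper control limit: (1 - alpha) quantile of a Gaussian-KDE CDF, by bisection."""
    n, m = len(stats), sum(stats) / len(stats)
    sd = math.sqrt(sum((s - m) ** 2 for s in stats) / (n - 1))
    h = 1.06 * sd * n ** -0.2         # Silverman's rule-of-thumb bandwidth (assumption)
    cdf = lambda t: sum(0.5 * (1 + math.erf((t - s) / (h * math.sqrt(2)))) for s in stats) / n
    lo, hi = min(stats) - 5 * h, max(stats) + 5 * h
    for _ in range(60):
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if cdf(mid) < 1 - alpha else (lo, mid)
    return hi

# Constructed training data: 200 "normal" connection records with 3 numeric features.
rng = random.Random(7)
TRAIN = [[10 + rng.gauss(0, 1), 5 + rng.gauss(0, 1), 2 + rng.gauss(0, 1)] for _ in range(200)]
S = sdcm(TRAIN)
MU = james_stein_mean(TRAIN, S)
UCL = kde_limit([t2(x, MU, S) for x in TRAIN])
```

A record is flagged as a possible intrusion when `t2(record, MU, S) > UCL`.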