PCA-based Hotelling's T2 chart with fast minimum covariance determinant (FMCD) estimator and kernel density estimation (KDE) for network intrusion detection. (August 2021)
- Record Type:
- Journal Article
- Title:
- PCA-based Hotelling's T2 chart with fast minimum covariance determinant (FMCD) estimator and kernel density estimation (KDE) for network intrusion detection. (August 2021)
- Main Title:
- PCA-based Hotelling's T2 chart with fast minimum covariance determinant (FMCD) estimator and kernel density estimation (KDE) for network intrusion detection
- Authors:
- Mashuri, Muhammad
Ahsan, Muhammad
Lee, Muhammad Hisyam
Prastyo, Dedy Dwi
Wibawati,
- Abstract:
- Highlight: Adaptive control limit is proposed to reduce false alarm. Robust estimator is employed to improve detection accuracy. The proposed chart displays better performance in detecting outlier. The proposed IDS has better detection accuracy compared to the other benchmarks. Improvement in computational time produced by the proposed method.
Abstract: In this work, the combination between the Principal Component Analysis (PCA) and the Hotelling's T2 chart is proposed to solve problems caused by the many highly correlated network traffic features and to reduce the computational time without reducing its accuracy detection. However, a new issue arises due to the difficulty of the network traffic observations to follow the multivariate normal distribution as required in Hotelling's T2 chart. Consequently, many false alarms are found in inspecting network intrusion detection. To solve this issue, the Kernel Density Estimation (KDE) procedure is applied to obtain an optimum control limit. Also, to improve the accuracy detection, the Fast Minimum Covariance Determinant (FMCD) is employed to estimate the robust mean vector and covariance matrix. Experiments using the simulated dataset are conducted to assess the proposed chart's performance in detecting the presence of outlier for the normal and non-normal of multivariate data. According to the simulation studies, the proposed chart yields higher accuracy and a high detection rate with a low false alarm rate. Further, the proposed Intrusion Detection System (IDS) is utilized in scanning attacks. The reputable KDD99 data is used as the benchmark to make a fair comparison between the proposed IDS and some algorithms. The monitoring outputs show that the proposed approach produces advancements in the speed of computational time with 87.42% of time efficiency. Compared to the other charts in detecting intrusion, the proposed chart produces the lower False Negative Rate (FNR). Also, compared to some classifiers the proposed chart yields a higher accuracy at about 0.9893. …
- Is Part Of:
- Computers & industrial engineering. Volume 158(2021)
- Journal:
- Computers & industrial engineering
- Issue:
- Volume 158(2021)
- Issue Display:
- Volume 158, Issue 2021 (2021)
- Year:
- 2021
- Volume:
- 158
- Issue:
- 2021
- Issue Sort Value:
- 2021-0158-2021-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-08
- Subjects:
- Hotelling's T2 chart -- Kernel density estimation -- Fast MCD -- PCA -- Intrusion Detection System
Engineering -- Data processing -- Periodicals
Industrial engineering -- Periodicals
620.00285
- Journal URLs:
- http://www.sciencedirect.com/science/journal/03608352
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cie.2021.107447
- Languages:
- English
- ISSNs:
- 0360-8352
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.713000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 17323.xml