Robust adaptive multivariate Hotelling's T2 control chart based on kernel density estimation for intrusion detection system. (1st May 2020)
- Record Type:
- Journal Article
- Title:
- Robust adaptive multivariate Hotelling's T2 control chart based on kernel density estimation for intrusion detection system. (1st May 2020)
- Main Title:
- Robust adaptive multivariate Hotelling's T2 control chart based on kernel density estimation for intrusion detection system
- Authors:
- Ahsan, Muhammad
Mashuri, Muhammad
Lee, Muhammad Hisyam
Kuswanto, Heri
Prastyo, Dedy Dwi
- Abstract:
- Highlight: Robust and adaptive chart is proposed to improve the detection accuracy. Proposed chart has better performance in detecting outlier than the benchmarks. High detection accuracy has achieved for three datasets. For small portion of dataset, the proposed chart still produces the similar result. The proposed method has better performance compared to the other methods.
Abstract: The utilization of conventional multivariate control chart in network intrusion detection will deal with two main problems. First, the high false alarm occurs due to the distribution of network traffic data that is not following the theory. Second, the inability of the control chart to detect outliers caused by the masking effect. To overcome these problems, the multivariate control chart based on the fast minimum covariance determinant (MCD) algorithm and kernel density estimation (KDE) is proposed in this paper. The employment of KDE technique is expected to adaptively follow the network traffic data pattern, thereby reducing the occurrence of false alarms. Meanwhile, the usage of Fast-MCD will improve the capabilities of the proposed control chart to quickly and accurately detect the outliers. For the simulated data, the proposed chart shows a better level of accuracy when it is compared to conventional T2 and other robust T2 based on successive difference covariate matrix (SDSM) charts. For the data generated from some distributions, the proposed chart shows its adaptability by producing low false alarm with high detection rate. The proposed chart shows excellent performance to monitor the KDD99 dataset with 98.61% accuracy, NSL-KDD dataset with 91.71% accuracy, and UNSW-NB 15 dataset with 91.02% accuracy. The proposed method has consistent performance when monitoring the small subset of the datasets, which can minimize the computational time by more than 90% without decreasing its level of accuracy and precision. Also, the performance from the proposed chart surpasses the other benchmarks.
- Is Part Of:
- Expert systems with applications. Volume 145(2020)
- Journal:
- Expert systems with applications
- Issue:
- Volume 145(2020)
- Issue Display:
- Volume 145, Issue 2020 (2020)
- Year:
- 2020
- Volume:
- 145
- Issue:
- 2020
- Issue Sort Value:
- 2020-0145-2020-0000
- Page Start:
- Page End:
- Publication Date:
- 2020-05-01
- Subjects:
- Fast-MCD -- Kernel density estimation -- Hotelling's T2 chart -- Intrusion detection -- Statistical process control
Expert systems (Computer science) -- Periodicals
Systèmes experts (Informatique) -- Périodiques
Electronic journals
006.33
- Journal URLs:
- http://www.sciencedirect.com/science/journal/09574174
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.eswa.2019.113105
- Languages:
- English
- ISSNs:
- 0957-4174
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3842.004220
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 23155.xml