Abstract
Principal component analysis (PCA) has received increasing attention as a method to distinguish network traffic anomalies from normal data instances based on its orthogonal linear transformation characteristics and dimensionality reduction technique. To address the issue of parameter sensitivity in the classical PCA, we propose modifications to the classical PCA, called robust PCA in this paper, which exhibits greater flexibility in detecting outliers for different traffic distributions. First, the robust PCA utilizes the Mahalanobis distance function which generates more flexible results than that of the Euclidean distance used in the classical PCA. The second modification to the classical PCA is to take into account the temporal effect of network traffic data by considering the neighbors' corresponding values. Temporal correlation is a practically important feature for network traffic, which the classical PCA does not consider. In addition, the proposed robust PCA also adopts entropy calculation to cope with both numerical and categorical data, as both data types exist in real traffic traces. Finally, using the robust PCA, our experimental results demonstrate the effectiveness in identifying network anomalies.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.