Intrusion Detection System Using Multivariate Control Chart Hotelling's T2 Based on PCA

Abstract

Statistical Process Control (SPC) has been widely used in industry and services. The SPC can be applied not only to monitor manufacture processes but also can be applied to the Intrusion Detection System (IDS). In network monitoring and intrusion detection, SPC can be a powerful tool to ensure system security and stability in a network. Theoretically, Hotelling’s T 2 chart can be used in intrusion detection. However, there are two reasons why the chart is not suitable to be used. First, the intrusion detection data involves large volumes of high-dimensional process data. Second, intrusion detection requires a fast computational process so an intrusion can be detected as soon as possible. To overcome the problems caused by a large number of quality characteristics, Principal Component Analysis (PCA) can be used. The PCA can reduce not only the dimension leading a faster computational, but also can eliminate the multicollinearity (among characteristic variables) problem. This paper is focused on the usage of multivariate control chart T 2 based on PCA for IDS. The KDD99 dataset is used to evaluate the performance of the proposed method. Furthermore, the performance of T 2 based PCA will be compared with conventional T 2 control chart. The empirical results of this research show that the multivariate control chart using Hotelling’s T 2 based on PCA has excellent performance to detect an anomaly in the network. Compared to conventional T 2 control chart, the T 2 based on PCA has similar performance with 97 percent hit rate. It also requires shorter computation time.