Robustness of Chi‐square and Canberra distance metrics for computer intrusion detection

Abstract

AbstractIntrusion detection complements intrusion prevention mechanisms, such as firewalls, cryptography, and authentication, to capture intrusions into an information system while they are acting on the information system. We develop two multivariate quality control techniques based on chi‐square and Canberra distance metrics, respectively, to detect intrusions by building a long‐term profile of normal activities in the information system (norm profile) and using the norm profile to detect anomalies. We investigate the robustness of these two distance metrics by comparing their performance on a number of data sets involving different noise levels in data. The performance results indicate that the Chi‐square distance metric is much more robust to noises than the Canberra distance metric. Copyright © 2002 John Wiley & Sons, Ltd.