Intrusion Detection System Using Multivariate Control Chart Hotelling's T² Based on PCA

Muhammad Ahsan (1), Muhammad Mashuri (2), Heri Kuswanto (3), Dedy Dwi Prastyo (4)
(1) Department of Statistics, Institut Teknologi Sepuluh Nopember Surabaya
(2) Department of Statistics, Institut Teknologi Sepuluh Nopember Surabaya
(3) Department of Statistics, Institut Teknologi Sepuluh Nopember Surabaya
(4) Department of Statistics, Institut Teknologi Sepuluh Nopember Surabaya
How to cite (IJASEIT) :
Ahsan, Muhammad, et al. “Intrusion Detection System Using Multivariate Control Chart Hotelling’s T2 Based on PCA”. International Journal on Advanced Science, Engineering and Information Technology, vol. 8, no. 5, Oct. 2018, pp. 1905-11, doi:10.18517/ijaseit.8.5.3421.
Statistical Process Control (SPC) has been widely used in industry and services. SPC can be applied not only to monitor manufacturing processes but also to Intrusion Detection Systems (IDS). In network monitoring and intrusion detection, SPC can be a powerful tool to ensure system security and stability in a network. Theoretically, Hotelling’s T² chart can be used in intrusion detection. However, there are two reasons why the chart is not suitable for this use. First, intrusion detection data involves large volumes of high-dimensional process data. Second, intrusion detection requires fast computation so that an intrusion can be detected as soon as possible. To overcome the problems caused by a large number of quality characteristics, Principal Component Analysis (PCA) can be used. PCA not only reduces the dimension, leading to faster computation, but also eliminates the multicollinearity problem among the characteristic variables. This paper focuses on the use of the multivariate T² control chart based on PCA for IDS. The KDD99 dataset is used to evaluate the performance of the proposed method. Furthermore, the performance of the T² chart based on PCA is compared with the conventional T² control chart. The empirical results of this research show that the multivariate control chart using Hotelling’s T² based on PCA has excellent performance in detecting anomalies in the network. Compared to the conventional T² control chart, the T² chart based on PCA has similar performance, with a 97 percent hit rate. It also requires shorter computation time.
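
The approach summarised in the abstract, as an added example that is not the authors' code: standardise attack-free records, keep the leading principal components, and chart T² on their scores. The function names, the constructed six-feature data, the 90 percent variance cut-off and the empirical-quantile control limit are all assumptions of this sketch, not values taken from the paper.

```python
import numpy as np

def t2_scores(model, X):
    """Hotelling's T2 on the retained PCA scores: sum_j score_j^2 / eigenvalue_j."""
    scores = ((X - model["mu"]) / model["sd"]) @ model["P"]
    return np.sum(scores ** 2 / model["lam"], axis=1)

def fit_pca_t2(X_train, var_kept=0.90, alpha=0.01):
    """Phase I: estimate the in-control model from attack-free connection records."""
    mu, sd = X_train.mean(axis=0), X_train.std(axis=0, ddof=1)
    sd[sd == 0] = 1.0  # a constant feature would otherwise divide by zero
    Z = (X_train - mu) / sd
    # Eigen-decomposition of the correlation matrix; eigh returns ascending order.
    lam, P = np.linalg.eigh(np.cov(Z, rowvar=False))
    lam, P = lam[::-1], P[:, ::-1]
    # Smallest k whose components explain at least var_kept of the total variance.
    k = int(np.searchsorted(np.cumsum(lam) / lam.sum(), var_kept)) + 1
    model = {"mu": mu, "sd": sd, "P": P[:, :k], "lam": lam[:k], "k": k}
    # Assumed limit: empirical (1 - alpha) quantile of the in-control T2 values.
    model["ucl"] = float(np.quantile(t2_scores(model, X_train), 1 - alpha))
    return model

def make_sample_data(seed=7):
    """Constructed data: 6 features driven by 2 latent factors, so the columns
    are highly collinear and the full covariance matrix is near-singular."""
    rng = np.random.default_rng(seed)
    W = np.array([[1, 1, 1, 0, 0, 0], [0, 0, 0, 1, 1, 1]], dtype=float)

    def draw(n, shift):
        latent = rng.normal(size=(n, 2)) + shift
        return latent @ W + 0.1 * rng.normal(size=(n, 6))

    # The "attack" records shift the first latent factor by 8 standard deviations.
    return draw(2000, [0, 0]), draw(500, [0, 0]), draw(50, [8, 0])

def evaluate():
    """Phase II: score unseen records and flag those above the control limit."""
    train, normal, attack = make_sample_data()
    model = fit_pca_t2(train)
    false_alarm = float(np.mean(t2_scores(model, normal) > model["ucl"]))
    hit_rate = float(np.mean(t2_scores(model, attack) > model["ucl"]))
    return model["k"], false_alarm, hit_rate

if __name__ == "__main__":
    print(evaluate())
```

T² on the retained components only reacts to deviations inside the principal subspace, so a record that differs from normal traffic only in the discarded directions will not raise this statistic.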

This work is licensed under a Creative Commons Attribution 4.0 International License.
