A Novel Anomaly Detection Scheme Based on Principal Component Classifier

Abstract

This paper proposes a novel scheme that uses a robust principal component classifier in intrusion detection problems where the training data may be unsupervised. Assuming that anomalies can be treated as outliers, an intrusion predictive model is constructed from the major and minor principal components of the normal instances. A measure of the difference of an anomaly from the normal instance is the distance in the principal component space. The distance based on the major components that account for 50% of the total variation and the minor components whose eigenvalues are less than 0.20 is shown to work well. The experiments with KDD Cup 1999 data demonstrate that the proposed method achieves 98.94% in recall and 97.89% in precision with a false alarm rate of 0.92%, and that it outperforms the nearest neighbor method, the density-based local outliers (LOF) approach, and the outlier detection algorithm based on the Canberra metric.

Document Details

Document Type: Technical Report
Publication Date: Jan 01, 2003
Accession Number: ADA465712

Entities

People

  • Kanoksri Sarinnapakorn
  • Liwu Chang
  • Mei-ling Shyu
  • Shu-ching Chen

Organizations

  • University of Miami

Tags

Communities of Interest

  • C4I
  • Cyber
  • Energy and Power Technologies
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Anomaly Detection
  • Change Detection
  • Computer Science
  • Data Mining
  • Data Science
  • Detection
  • Detectors
  • Estimators
  • Factor Analysis
  • Information Processing
  • Information Science
  • Intrusion Detection
  • Machine Learning
  • Network Science
  • Sensor Networks
  • Statistical Algorithms
  • Supervised Machine Learning

Fields of Study

  • Computer science

Readers

  • Calculus or Mathematical Analysis
  • Neural Network Machine Learning

Technology Areas

  • Space
  • Space - Space Objects