Identifying Intrusions in Computer Networks Based on Principal Component Analysis / Wang, Wei; Battiti, Roberto. - ELECTRONIC. - (2005), pp. 1-16.

Identifying Intrusions in Computer Networks Based on Principal Component Analysis

Wang, Wei; Battiti, Roberto
2005-01-01

Abstract

Most current anomaly Intrusion Detection Systems (IDSs) detect computer network behavior as normal or abnormal but cannot identify the type of attacks. Moreover, most current intrusion detection methods cannot process large amounts of audit data for real-time operation. In this paper, we propose a novel method for intrusion identification in computer networks based on Principal Component Analysis (PCA). Each network connection is transformed into an input data vector. PCA is employed to reduce the high dimensional data vectors, and identification is handled in a low dimensional space with high efficiency and low use of system resources. The normal behavior is profiled based on normal data for anomaly detection, and the behavior of each type of attack is built based on attack data for intrusion identification. The distance between a vector and its reconstruction onto those reduced subspaces representing different types of attacks and normal activities is used for identification. The method is tested with network data from MIT Lincoln Labs for the 1998 DARPA Intrusion Detection Evaluation Program, and testing results show that the method and model are promising in terms of identification accuracy and computational efficiency for real-time intrusion identification.
2005
Trento
Università degli Studi di Trento - Dipartimento di Informatica e Telecomunicazioni
Files in this item:
File: Identifying_Intrusions_in_Computer_Networks_Based_on_Principal_Component_Analysis.pdf
Access: open access
Type: Publisher's version (Publisher's layout)
License: All rights reserved
Size: 295.46 kB
Format: Adobe PDF


Use this identifier to cite or link to this document: https://hdl.handle.net/11572/358114