Identifying Intrusions in Computer Networks Based on Principal Component Analysis

Wang, Wei and Battiti, Roberto (2005) Identifying Intrusions in Computer Networks Based on Principal Component Analysis. UNSPECIFIED. (Unpublished)

Download (295Kb) | Preview


    Most current anomaly Intrusion Detection Systems (IDSs)detect computer network behavior as normal or abnormal but cannot identify the type of attacks. Moreover, most current intrusion detection methods cannot process large amounts of audit data for real-time operation. In this paper, we propose a novel method for intrusion identification in computer networks based on Principal Component Analysis (PCA). Each network connection is transformed into an input data vector. PCA is employed to reduce the high dimensional data vectors and identification is handled in a low dimensional space with high efficiency and low use of system resources. The normal behavior is profiled based on normal data for anomaly detection and the behavior of each type of attack are built based on attack data for intrusion identification. The distance between a vector and its reconstruction onto those reduced subspaces representing different types of attacks and normal activities is used for identification. The method is tested with network data from MIT Lincoln labs for the 1998 DARPA Intrusion Detection Evaluation Program and testing results show that the method and model is promising in terms of identification accuracy and computational efficiency for real-time intrusion identification.

    Item Type: Departmental Technical Report
    Department or Research center: Information Engineering and Computer Science
    Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering > TK5105.5 Computer Networks
    Q Science > QA Mathematics > QA075 Electronic computers. Computer science
    Report Number: DIT-05-084
    Repository staff approval on: 21 Dec 2005

    Actions (login required)

    View Item