论文信息 - A novel unsupervised anomaly detection based on robust principal component classifier

A novel unsupervised anomaly detection based on robust principal component classifier

Intrusion Detection Systems (IDSs) need a mass of labeled data in the process of training, which hampers the application and popularity of traditional IDSs. Classical principal component analysis is highly sensitive to outliers in training data, and leads to poor classification accuracy. This paper proposes a novel scheme based on robust principal component classifier, which obtains principal components that are not influenced much by outliers. An anomaly detection model is constructed from the distances in the principal component space and the reconstruction error of training data. The experiments show that this proposed approach can detect unknown intrusions effectively, and has a good performance in detection rate and false positive rate especially.

[1] Guoyin Wang,et al. An improved unsupervised clustering-based intrusion detection method , 2005, SPIE Defense + Commercial Sensing.

[2] Eleazar Eskin,et al. A GEOMETRIC FRAMEWORK FOR UNSUPERVISED ANOMALY DETECTION: DETECTING INTRUSIONS IN UNLABELED DATA , 2002 .

[3] Qiang Chen,et al. Multivariate Statistical Analysis of Audit Trails for Host-Based Intrusion Detection , 2002, IEEE Trans. Computers.

[4] P. Rousseeuw,et al. A fast algorithm for the minimum covariance determinant estimator , 1999 .

[5] Sun Hong. An Improved Anomaly Detection Model for IDS , 2003 .

[6] Mia Hubert,et al. ROBPCA: A New Approach to Robust Principal Component Analysis , 2005, Technometrics.

[7] Francisco J. Prieto,et al. Multivariate Outlier Detection and Robust Covariance Matrix Estimation , 2001, Technometrics.

[8] M. Shyu,et al. A Novel Anomaly Detection Scheme Based on Principal Component Classifier , 2003 .

[9] Guoyin Wang,et al. A new framework for intrusion detection based on rough set theory , 2004, SPIE Defense + Commercial Sensing.

[10] Erland Jonsson,et al. Anomaly-based intrusion detection: privacy concerns and other problems , 2000, Comput. Networks.

[11] Sanne Engelen,et al. A comparison of three procedures for robust PCA in high dimensions , 2016 .