Multivariate statistical analysis of network traffic for intrusion detection

In the field of intrusion detection research, it is often said that anomaly detection has a high false positive (FP) rate, though no sufficient analysis has been presented so far. To investigate this assertion, this paper analyzes network traffic data using a multivariate statistical analysis method. The data set used for the analysis is the 1998 DARPA Intrusion Detection Evaluation Data. The type of information used to detect intrusions has so far been chosen empirically or intuitively. Our results support that this choice of information type is correct, and moreover that on-line processing achieves a lower FP rate with a high attack detection rate than batch processing in most cases.