Proc. SPIE. 6241, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2006
KEYWORDS: Principal component analysis, Detection and tracking algorithms, Data modeling, Sensors, Error analysis, Data processing, Computer intrusion detection, Reconstruction algorithms, Systems modeling, Network security
Intrusion Detection Systems (IDSs) need large amounts of labeled data for training, which hampers the application and popularity of traditional IDSs. Classical principal component analysis is highly sensitive to outliers in the training data, which leads to poor classification accuracy. This paper proposes a novel scheme based on a robust principal component classifier, which obtains principal components that are not much influenced by outliers. An anomaly detection model is constructed from the distances in the principal component space and the reconstruction error of the training data. The experiments show that the proposed approach can detect unknown intrusions effectively and performs well, particularly in detection rate and false positive rate.
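
The scoring idea in the abstract, as an added sketch that is not the paper's code: each record is scored by its distance in principal-component space plus its scaled reconstruction error, and the model is trained on unlabeled data that contains outliers. Assumptions: the abstract does not say how the robust components are obtained, so iterative trimming stands in for it; the function names, the threshold rule (maximum score among retained rows) and the three-feature data are constructed for illustration.

```python
import numpy as np

def fit_pca(X, k):
    """Classical PCA: mean, top-k axes, all eigenvalues (descending)."""
    mu = X.mean(axis=0)
    vals, vecs = np.linalg.eigh(np.cov(X, rowvar=False))
    order = np.argsort(vals)[::-1]
    return mu, vecs[:, order[:k]], vals[order], k

def score(X, model):
    """Distance in principal-component space plus scaled reconstruction error."""
    mu, W, vals, k = model
    C = np.atleast_2d(X) - mu
    Z = C @ W                                   # coordinates on the major axes
    major = np.sum(Z**2 / vals[:k], axis=1)
    resid = C - Z @ W.T                         # part the k axes cannot rebuild
    recon = np.sum(resid**2, axis=1) / max(vals[k:].sum(), 1e-12)
    return major + recon

def fit_robust(X, k=1, trim=0.1, rounds=5):
    """Assumed robust estimator: refit after trimming the highest-scoring rows."""
    keep = np.ones(len(X), dtype=bool)
    for _ in range(rounds):
        s = score(X, fit_pca(X[keep], k))
        keep = s <= np.quantile(s, 1 - trim)
    model = fit_pca(X[keep], k)
    return model, score(X[keep], model).max()   # threshold from retained rows

def make_data():
    """Constructed data: 40 normal rows near a line, 2 unlabeled outliers."""
    u, v, w = (np.array(a) / 3.0 for a in ([1, 2, 2], [2, 1, -2], [2, -2, 1]))
    i = np.arange(40)
    normal = (np.outer(np.linspace(-12, 12, 40), u)
              + np.outer(0.2 * np.sin(7 * i), v) + np.outer(0.2 * np.cos(11 * i), w))
    train = np.vstack([normal, [18 * v, 18.5 * v + u]])
    return train, u + 0.05 * v, 2 * u + 4 * w   # train, benign probe, novel probe

if __name__ == "__main__":
    train, benign, novel = make_data()
    classical = fit_pca(train, 1)
    robust, thr = fit_robust(train)
    print("classical threshold", score(train, classical).max())
    print("classical novel score", score(novel, classical)[0])
    print("robust threshold", thr, "novel", score(novel, robust)[0],
          "benign", score(benign, robust)[0])
```

In this constructed set the two training outliers inflate the classical residual variance enough that the novel probe scores below the classical threshold, while the trimmed fit flags it.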