Network Anomaly Detection Based on Projection Pursuit Regression

Network anomaly detection is an important issue in network security. Detecting network anomaly is a challenging because of the multivariate property of the collected data, the diversity of the causes and the complexity of the existing algorithms. However, traditional methods have some shortcomings, such as low real-time capability, great resource consumption, high false positive rate (FPR) and high false negative rate (FNR). Projection pursuit regression (PPR) is a widely used multivariate analysis method and can be exploited to mining structures in multivariate data set. Based on PPR, we propose a novel network anomaly detection approach, which combines regression learning of genetic algorithm (GA) and Projection Pursuit to eventually evaluate the anomaly results comprehensively. We verify the proposed approach on the 1999 DARPA data set, and network anomaly can be detected with higher detection rate (DR) and lower false positive rate, compared to the Phad method. Furthermore, our approach achieves good detection rate even for some specific kind of anomaly which is difficult to detect previously.