Title :
Factor analysis based anomaly detection
Author :
Wu, Ningning ; Zhang, Jing
Author_Institution :
Dept. of Inf. Sci., Arkansas Univ., Little Rock, AR, USA
Abstract :
We propose a novel anomaly detection algorithm based on factor analysis and Mahalanobis distance. Factor analysis is used to uncover the latent structure (dimensions) of a set of variables. It reduces attribute space from a larger number of variables to a smaller number of factors. The Mahalanobis distance is used to determine the "similarity" of a set of values from an "unknown" sample to a set of values measured from a collection of "known" samples. Combined with factor analysis, Mahalanobis distance is extended to examine whether a given vector is an outlier from a model identified by "factors" based on factor analysis. We present a factor analysis-based network anomaly detection algorithm and apply it to DARPA intrusion detection evaluation data. The experimental results show that the proposed algorithm is able to detect network intrusions with relatively low false alarms.
Keywords :
computer crime; computer networks; covariance matrices; principal component analysis; sampling methods; telecommunication security; telecommunication traffic; DARPA detection evaluation data; Mahalanobis distance; anomaly detection algorithm; attribute space; covariance matrix; data set similarity; factor analysis; false alarm; network intrusion; principal component analysis; sampled data set; variable latent structure; Algorithm design and analysis; Association rules; Computer networks; Detection algorithms; Information science; Intrusion detection; Neural networks; Statistical analysis; Statistics; Training data;
Conference_Title :
Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society
Print_ISBN :
0-7803-7808-3
DOI :
10.1109/SMCSIA.2003.1232408