An anomaly detection technique based on a chi-square statistic for detecting intrusions into information systems

Nong Ye, Qiang Chen

Research output: Contribution to journalArticlepeer-review

152 Scopus citations

Abstract

An intrusion into an information system compromises its security (e.g. availability, integrity and confidentiality) through a series of events in the information system. Intrusive events often show departures (anomalies) from normal events in an information system. This paper presents an anomaly detection technique based on a chi-square statistic. This technique builds a profile of normal events in an information system-a norm profile computes the departure of events in the recent past from the norm profile and detects a large departure as an anomaly-a likely intrusion. This technique was tested for its performance in distinguishing normal events from intrusive events in an information system. The test results demonstrated the promising performance of this technique for intrusion detection in terms of a low false alarm rate and a high detection rate. Intrusive events were detected at a very early stage.

Original languageEnglish (US)
Pages (from-to)105-112
Number of pages8
JournalQuality and Reliability Engineering International
Volume17
Issue number2
DOIs
StatePublished - Mar 1 2001

Keywords

  • Chi-square statistic
  • Computer security
  • Intrusion detection
  • Multivariate analysis

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Management Science and Operations Research

Fingerprint Dive into the research topics of 'An anomaly detection technique based on a chi-square statistic for detecting intrusions into information systems'. Together they form a unique fingerprint.

Cite this