Abstract
Intrusion detection complements intrusion prevention mechanisms, such as firewalls, cryptography, and authentication, to capture intrusions into an information system while they are acting on the information system. We develop two multivariate quality control techniques based on chi-square and Canberra distance metrics, respectively, to detect intrusions by building a long-term profile of normal activities in the information system (norm profile) and using the norm profile to detect anomalies. We investigate the robustness of these two distance metrics by comparing their performance on a number of data sets involving different noise levels in data. The performance results indicate that the Chi-square distance metric is much more robust to noises than the Canberra distance metric.
Original language | English (US) |
---|---|
Pages (from-to) | 19-28 |
Number of pages | 10 |
Journal | Quality and Reliability Engineering International |
Volume | 18 |
Issue number | 1 |
DOIs | |
State | Published - Jan 2002 |
Keywords
- Canberra distance metric
- Chi-square distance
- Computer security
- Intrusion detection
- Multivariate statistical analysis
ASJC Scopus subject areas
- Safety, Risk, Reliability and Quality
- Management Science and Operations Research