Robustness of chi-square and Canberra distance metrics for computer intrusion detection

Syed Masum Emran, Nong Ye

Research output: Contribution to journalArticle

27 Scopus citations

Abstract

Intrusion detection complements intrusion prevention mechanisms, such as firewalls, cryptography, and authentication, to capture intrusions into an information system while they are acting on the information system. We develop two multivariate quality control techniques based on chi-square and Canberra distance metrics, respectively, to detect intrusions by building a long-term profile of normal activities in the information system (norm profile) and using the norm profile to detect anomalies. We investigate the robustness of these two distance metrics by comparing their performance on a number of data sets involving different noise levels in data. The performance results indicate that the Chi-square distance metric is much more robust to noises than the Canberra distance metric.

Original languageEnglish (US)
Pages (from-to)19-28
Number of pages10
JournalQuality and Reliability Engineering International
Volume18
Issue number1
DOIs
StatePublished - Jan 1 2002

Keywords

  • Canberra distance metric
  • Chi-square distance
  • Computer security
  • Intrusion detection
  • Multivariate statistical analysis

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Management Science and Operations Research

Fingerprint Dive into the research topics of 'Robustness of chi-square and Canberra distance metrics for computer intrusion detection'. Together they form a unique fingerprint.

  • Cite this