A novel intrusion detection method based on principle component analysis in computer security

Wei Wang*, Xiaohong Guan, Xiangliang Zhang

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

42 Scopus citations

Abstract

Intrusion detection is an important technique in the defense-in-depth network security framework and has been a hot topic in computer security in recent years. In this paper, a new intrusion detection method based on Principal Component Analysis (PCA), with low overhead and high efficiency, is presented. System call data and command sequence data are used as information sources to validate the proposed method. The frequencies of the individual system calls in a trace and of the individual commands in a data block are computed, and data column vectors representing the traces and blocks are formed as the input data. PCA is applied to reduce the high-dimensional data vectors, and the distance between a vector and its projection onto the reduced subspace is used for anomaly detection. Experimental results show that the proposed method is promising in terms of detection accuracy, computational expense and implementability for real-time intrusion detection.
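The pipeline the abstract describes, as an added example that is not code from the paper: system-call traces are turned into frequency vectors, PCA (here via power iteration on the covariance matrix) is fitted on normal traces only, and the distance from a vector to its projection onto the reduced subspace is the anomaly score. The system-call vocabulary, the traces, the choice of k=2 and the 10% threshold margin are all constructed assumptions.

```python
import math
# Constructed system-call vocabulary; each entry is one dimension of the data vector.
SYSCALLS = ["open", "read", "write", "close", "mmap", "execve"]
def frequency_vector(trace):
    """Relative frequency of each system call in one trace (one data column vector)."""
    return [trace.count(s) / len(trace) for s in SYSCALLS]
def _dot(a, b):
    return sum(x * y for x, y in zip(a, b))
def _top_eigenvectors(cov, k, iters=500):
    """Top-k eigenvectors of a symmetric covariance matrix: power iteration with deflation."""
    comps = []
    for _ in range(k):
        v = [1.0 + 0.1 * j for j in range(len(cov))]  # generic start vector
        for _ in range(iters):
            w = [_dot(row, v) for row in cov]
            for c in comps:  # strip directions already found so we converge to the next one
                w = [wi - _dot(w, c) * ci for wi, ci in zip(w, c)]
            norm = math.sqrt(_dot(w, w)) or 1.0
            v = [wi / norm for wi in w]
        comps.append(v)
    return comps
class PCADetector:
    """Profile normal behaviour with PCA; score a vector by its distance to the reduced subspace."""
    def __init__(self, k=2):
        self.k = k
    def fit(self, normal_vectors):
        n, d = len(normal_vectors), len(normal_vectors[0])
        self.mean = [sum(x[j] for x in normal_vectors) / n for j in range(d)]
        centered = [[x[j] - self.mean[j] for j in range(d)] for x in normal_vectors]
        cov = [[sum(c[i] * c[j] for c in centered) / (n - 1) for j in range(d)] for i in range(d)]
        self.components = _top_eigenvectors(cov, self.k)
        # Threshold: largest residual on normal data plus a 10% margin (an assumed heuristic).
        self.threshold = 1.1 * max(self.distance(x) for x in normal_vectors)
        return self
    def distance(self, x):
        """Euclidean distance between x and its projection onto the k-dimensional subspace."""
        c = [xi - mi for xi, mi in zip(x, self.mean)]
        proj = [sum(_dot(c, p) * p[j] for p in self.components) for j in range(len(c))]
        return math.sqrt(sum((ci - pi) ** 2 for ci, pi in zip(c, proj)))
    def is_anomalous(self, trace):
        return self.distance(frequency_vector(trace)) > self.threshold
def normal_trace(opens, reads, writes, mmaps):
    """Constructed benign trace shape: opens, reads, writes, optional mmap, matching closes."""
    return ["open"] * opens + ["read"] * reads + ["write"] * writes + ["mmap"] * mmaps + ["close"] * opens
NORMAL_TRACES = [normal_trace(o, r, w, m) for o in (1, 2) for r in (2, 4, 6) for w in (1, 3) for m in (0, 1)]
DETECTOR = PCADetector(k=2).fit([frequency_vector(t) for t in NORMAL_TRACES])
# Constructed suspicious trace dominated by a call that never appears in the normal profile.
SUSPICIOUS_TRACE = ["open", "mmap", "execve", "execve", "execve", "execve", "close"]
```

Because the normal profile has zero variance along the execve dimension, the principal components carry no weight there, so any execve activity lands entirely in the residual distance; that is the mechanism by which this projection-distance score flags traces unlike the training data.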

Original language: English (US)
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Editors: Fuliang Yin, Chengan Guo, Jun Wang
Publisher: Springer Verlag
Pages: 657-662
Number of pages: 6
ISBN (Print): 3540228438, 9783540228431
DOIs
State: Published - 2004
Externally published: Yes

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 3174
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
