Intrusion Detection System Using Multivariate Control Chart Hotelling's T2 Based on PCA

Ahsan, Muhammad; Mashuri, Muhammad; Kuswanto, Heri; Prastyo, Dedy Dwi

doi:10.18517/ijaseit.8.5.3421

Cited by 30 publications

(19 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Khoo 30 1) and ( 5) to monitor the process mean and process variability, respectively. A single chart to monitor both process mean and process variability needs transformation to obtain statistics for the process location and variability, respectively, as formulated in Equations ( 7) and (8) followed by calculation in Equation (9).…”

Section: Max-mchart and Max-half-mchart For Individual Observationsmentioning

confidence: 99%

“…Hence, when it is transformed to the quantile of the standard normal distribution, it produces a large negative value. The absolute value of this large negative score will raise strong signals and will be selected as a single statistic in the Max-Mchart, as formulated in Equation (9). This empirical fact causes either an inaccurate in-control/out-of-control conclusion as in Figure 3 on the 16-th and 32-nd samples or inconsistency pattern on the 54-th, 55-th, and 56-th samples.…”

Section: Max-mchart and Max-half-mchart For Individual Observationsmentioning

confidence: 99%

“…The Hotelling's 2 is a conventional control chart used for monitoring the mean vector. The literature comprises several studies on the Hotelling's 2 control chart, including Sullivan and Woodall, 1 Vargas, 2 Chen and Hsieh, 3 Alfaro and Ortega, 4 Yahaya et al, 5 Chattinnawat and Bilen, 6 Haddad and Alsmadi, 7 Vives-Mestres et al, 8 Ahsan et al, 9 and Khatun et al 10 A few control charts have also been developed to monitor covariance matrices. One of them is the generalized variance (GV) control chart by Anderson.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

The effectiveness of Max‐half‐Mchart over Max‐Mchart in simultaneously monitoring process mean and variability of individual observations

Kruba

Mashuri

Prastyo

2021

Quality & Reliability Eng

Self Cite

View full text Add to dashboard Cite

Control charts are widely used in industrial environments for the simultaneous or separate monitoring of the process mean and process variability. The Max-Mchart is a multivariate Shewhart-type simultaneous control chart that is used when monitoring subgroups. While this sampling design allows the computation of the generalized variance (GV) used to calculate the process variability, a GV chart cannot be plotted for individual observations. Hence, we cannot compute the single statistic in the Max-Mchart. This study aims to overcome the aforementioned issue. To this end, first, we develop a new Max-Mchart for individual observations by utilizing the statistic in the dispersion control chart. Second, instead of the standard normal distribution, we propose a new transformation using a half-normal distribution to calculate the statistic for the process mean and process variability. Thus, the proposed chart is called the Max-Half-Mchart, whose control limit is calculated using the bootstrap approach. An evaluation based on the average run length values shows the robustness of the Max-Half-Mchart for the simultaneous monitoring of the process mean and process variability. The single statistic in the Max-Half-Mchart is more consistent with the statistic in Hotelling's 2 and the dispersion chart than that of the Max-Mchart.

show abstract

Section: Max-mchart and Max-half-mchart For Individual Observationsmentioning

confidence: 99%

Section: Max-mchart and Max-half-mchart For Individual Observationsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

The effectiveness of Max‐half‐Mchart over Max‐Mchart in simultaneously monitoring process mean and variability of individual observations

Kruba

Mashuri

Prastyo

2021

Quality & Reliability Eng

Self Cite

View full text Add to dashboard Cite

show abstract

“…It uses an entropy and hybrid approach to prevent attackers into training models and tricking them that attack traffic is a regular one. Multiple fields have been observed from network traffic to achieve the best possible result but in [26] we find an explanation of the attempt to use the statistical process control applied in the IDS where principal component analysis is used to overcome the problems caused by a big number of quality characteristics.…”

Section: Anomaly Detection and Classification Algorithmsmentioning

confidence: 99%

Triple Modular Redundancy Optimization for Threshold Determination in Intrusion Detection Systems

Babic¹,

Miljković²,

Čabarkapa

et al. 2021

Symmetry

View full text Add to dashboard Cite

This paper presents a novel approach for an Intrusion Detection System (IDS) based on one kind of asymmetric optimization which use any three already well-known IDS algorithms and Triple Modular Redundancy (TMR) algorithm together. Namely, a variable threshold which indicates an attack on an observed and protected network is determined by using all three values obtained with three known IDS algorithms i.e., on previously recorded data by making a decision by majority. For these algorithms authors used algorithm of k-nearest neighbors, cumulative sum algorithm, and algorithm of exponentially weighted moving average. Using a proposed method we can get a threshold that is more precisely determined than in the case of any method individual. Practically, using TMR we obtain a dynamically threshold adjustment of IDS software, which reduces the existence of false alarms and undetected attacks, so the efficiency of such IDS software is notably higher and can get better results. Today, Denial of Service attacks (DoS) are one of the most present type of attacks and the reason for the special attention paid to them in this paper. In addition, the authors of the proposed method for IDS software used a known CIC-DDoS2019 dataset, which contains various data recordings of such attacks. Obtained results with the proposed solution showed better characteristics than each individual used algorithm in this solution. IDS software with the proposed method worked precisely and timely, which means alarms were triggered properly and efficiently.

show abstract

“…Khusna et al [19] proposed the bootstrap for Max-MCUSUM for autocorrelated data. Ahsan et al [20] also built a control limit in the T 2 control chart for detection instructions. The Bootstrap control limit for conventional Max-Mchart was also developed by Kruba et al [21] when monitoring fertilizer.…”

Section: New Simultaneous Control Chartmentioning

confidence: 99%

Max-Half-Mchart: A Simultaneous Control Chart Using a Half-Normal Distribution for Subgroup Observations

2021

Self Cite

View full text Add to dashboard Cite

A Simultaneous control chart is a well-known tool for monitoring the process mean and process variability with a single chart. In recent decades, many researchers have been interested in developing simultaneous control charts. The Shewhart chart is the most common and simple simultaneous control chart. The Multivariate Maximum control chart (Max-Mchart) is a type Shewhart chart that simultaneously monitors the process of multivariate data. This paper proposes a new transformation using a half-normal distribution to improve the Max-chart performance for subgroup observations. The new proposed chart is called Max-Half-Mchart. The Average Run Length (ARL) results show that the proposed Max-Half-Mchart outperforms the Max-Mchart. Additionally, in real data scenarios, the proposed Max-Half-Mchart is consistent with the statistic in the Hotelling T 2 chart and the Generalized Variance (GV) chart.

show abstract

Intrusion Detection System Using Multivariate Control Chart Hotelling's T2 Based on PCA

Cited by 30 publications

References 39 publications

The effectiveness of Max‐half‐Mchart over Max‐Mchart in simultaneously monitoring process mean and variability of individual observations

The effectiveness of Max‐half‐Mchart over Max‐Mchart in simultaneously monitoring process mean and variability of individual observations

Triple Modular Redundancy Optimization for Threshold Determination in Intrusion Detection Systems

Max-Half-Mchart: A Simultaneous Control Chart Using a Half-Normal Distribution for Subgroup Observations

Contact Info

Product

Resources

About