Method of anomaly detection based on fusion principal components match

Yan Heng Liu; Lei Sun; Da Xin Tian; Jing Wu; Feng Hua Zhang

Method of anomaly detection based on fusion principal components match

Yan Heng Liu^*
, Lei Sun
, Da Xin Tian
, Jing Wu
, Feng Hua Zhang

^*Corresponding author for this work

College of Computer Science and Technology
Jilin University
Jilin Oilfield Vocation Education Center

Research output: Contribution to journal › Article › peer-review

1 Scopus citations

Abstract

According to the expansion of data storage, a method of anomaly detection based on Fusion Principal Component Match (FPCM) is presented. First, the isolated points in the sub-node data are removed and the stability of the principal component analysis is enhanced by clustering. Then the clustering center is transmitted to a center node, which can reduce the traffic of data between nodes and achieve the fusion principal components. The normal behavior model established by the conversion matrix of the principal component cluster centers can embody the characteristics of the overall data. Finally, the decision tree method is used to accelerate the matching speed. Experiment results show that the FPCM method can maintain a high detection rate of DOS, an overall detection rate of 97% is obtained; meanwhile, the false positives is controlled below 10%. The detection rate of this method is equal to that of the existing methods.

Original language	English
Pages (from-to)	1314-1320
Number of pages	7
Journal	Jilin Daxue Xuebao (Gongxueban)/Journal of Jilin University (Engineering and Technology Edition)
Volume	39
Issue number	5
State	Published - Sep 2009
Externally published	Yes

Keywords

Clustering
Computer system organization
Decision trees
Intrusion detection
Principal component analysis

Cite this

@article{3183bfc176d043738ac2512f8b46ca21,

title = "Method of anomaly detection based on fusion principal components match",

abstract = "According to the expansion of data storage, a method of anomaly detection based on Fusion Principal Component Match (FPCM) is presented. First, the isolated points in the sub-node data are removed and the stability of the principal component analysis is enhanced by clustering. Then the clustering center is transmitted to a center node, which can reduce the traffic of data between nodes and achieve the fusion principal components. The normal behavior model established by the conversion matrix of the principal component cluster centers can embody the characteristics of the overall data. Finally, the decision tree method is used to accelerate the matching speed. Experiment results show that the FPCM method can maintain a high detection rate of DOS, an overall detection rate of 97\% is obtained; meanwhile, the false positives is controlled below 10\%. The detection rate of this method is equal to that of the existing methods.",

keywords = "Clustering, Computer system organization, Decision trees, Intrusion detection, Principal component analysis",

author = "Liu, \{Yan Heng\} and Lei Sun and Tian, \{Da Xin\} and Jing Wu and Zhang, \{Feng Hua\}",

year = "2009",

month = sep,

language = "英语",

volume = "39",

pages = "1314--1320",

journal = "Jilin Daxue Xuebao (Gongxueban)/Journal of Jilin University (Engineering and Technology Edition)",

issn = "1671-5497",

publisher = "Editorial Board of Jilin University",

number = "5",

}

TY - JOUR

T1 - Method of anomaly detection based on fusion principal components match

AU - Liu, Yan Heng

AU - Sun, Lei

AU - Tian, Da Xin

AU - Wu, Jing

AU - Zhang, Feng Hua

PY - 2009/9

Y1 - 2009/9

N2 - According to the expansion of data storage, a method of anomaly detection based on Fusion Principal Component Match (FPCM) is presented. First, the isolated points in the sub-node data are removed and the stability of the principal component analysis is enhanced by clustering. Then the clustering center is transmitted to a center node, which can reduce the traffic of data between nodes and achieve the fusion principal components. The normal behavior model established by the conversion matrix of the principal component cluster centers can embody the characteristics of the overall data. Finally, the decision tree method is used to accelerate the matching speed. Experiment results show that the FPCM method can maintain a high detection rate of DOS, an overall detection rate of 97% is obtained; meanwhile, the false positives is controlled below 10%. The detection rate of this method is equal to that of the existing methods.

AB - According to the expansion of data storage, a method of anomaly detection based on Fusion Principal Component Match (FPCM) is presented. First, the isolated points in the sub-node data are removed and the stability of the principal component analysis is enhanced by clustering. Then the clustering center is transmitted to a center node, which can reduce the traffic of data between nodes and achieve the fusion principal components. The normal behavior model established by the conversion matrix of the principal component cluster centers can embody the characteristics of the overall data. Finally, the decision tree method is used to accelerate the matching speed. Experiment results show that the FPCM method can maintain a high detection rate of DOS, an overall detection rate of 97% is obtained; meanwhile, the false positives is controlled below 10%. The detection rate of this method is equal to that of the existing methods.

KW - Clustering

KW - Computer system organization

KW - Decision trees

KW - Intrusion detection

KW - Principal component analysis

UR - https://www.scopus.com/pages/publications/70349173014

M3 - 文章

AN - SCOPUS:70349173014

SN - 1671-5497

VL - 39

SP - 1314

EP - 1320

JO - Jilin Daxue Xuebao (Gongxueban)/Journal of Jilin University (Engineering and Technology Edition)

JF - Jilin Daxue Xuebao (Gongxueban)/Journal of Jilin University (Engineering and Technology Edition)

IS - 5

ER -

Method of anomaly detection based on fusion principal components match

Abstract

Keywords

Other files and links

Fingerprint

Cite this