Abstract
In this chapter, a novel anomaly detection scheme that uses a robust principal component classifier (PCC) to handle computer network security problems is proposed. An intrusion predictive model is constructed from the major and minor principal components of the normal instances, where the difference of an anomaly from the normal instance is the distance in the principal component space. The screening of outliers prior to the principal component analysis adds the resistance property to the classifier which makes the method applicable to both the supervised and unsupervised training data. Several experiments using the KDD Cup 1999 data were conducted and the experimental results demonstrated that our proposed PCC method is superior to the k-nearest neighbor (KNN) method, density-based local outliers (LOF) approach, and the outlier detection algorithm based on the Canberra metric.
This is a preview of subscription content, log in via an institution.
Preview
Unable to display preview. Download preview PDF.
Author information
Authors and Affiliations
Editor information
Rights and permissions
About this chapter
Cite this chapter
Shyu, ML., Chen, SC., Sarinnapakorn, K., Chang, L. Principal Component-based Anomaly Detection Scheme. In: Young Lin, T., Ohsuga, S., Liau, CJ., Hu, X. (eds) Foundations and Novel Approaches in Data Mining. Studies in Computational Intelligence, vol 9. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11539827_18
Download citation
DOI: https://doi.org/10.1007/11539827_18
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28315-7
Online ISBN: 978-3-540-31229-1
eBook Packages: EngineeringEngineering (R0)