An anomaly detection technique based on a chi‐square statistic for detecting intrusions into information systems
Author(s) - Ye g, Chen Qiang
Publication year - 2001
Publication title - Quality and Reliability Engineering International
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.913
H-Index - 62
eISSN - 1099-1638
pISSN - 0748-8017
DOI - 10.1002/qre.392
Subject(s) - statistic , intrusion detection system , anomaly detection , false alarm , constant false alarm rate , anomaly based intrusion detection system , computer science , anomaly (physics) , data mining , test statistic , norm (philosophy) , system call , statistical hypothesis testing , statistics , algorithm , mathematics , artificial intelligence , physics , political science , law , programming language , condensed matter physics
Abstract - An intrusion into an information system compromises its security (e.g. availability, integrity and confidentiality) through a series of events in the information system. Intrusive events often show departures (anomalies) from normal events in an information system. This paper presents an anomaly detection technique based on a chi‐square statistic. This technique builds a profile of normal events in an information system (a norm profile), computes the departure of events in the recent past from the norm profile, and detects a large departure as an anomaly, that is, a likely intrusion. This technique was tested for its performance in distinguishing normal events from intrusive events in an information system. The test results demonstrated the promising performance of this technique for intrusion detection in terms of a low false alarm rate and a high detection rate. Intrusive events were detected at a very early stage. Copyright © 2001 John Wiley & Sons, Ltd.