Premium
Robustness of Chi‐square and Canberra distance metrics for computer intrusion detection
Author(s) -
Emran Syed Masum,
Ye g
Publication year - 2002
Publication title -
quality and reliability engineering international
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.913
H-Index - 62
eISSN - 1099-1638
pISSN - 0748-8017
DOI - 10.1002/qre.441
Subject(s) - robustness (evolution) , intrusion detection system , data mining , metric (unit) , euclidean distance , computer science , norm (philosophy) , intrusion , cryptography , mathematics , statistics , algorithm , engineering , artificial intelligence , biochemistry , chemistry , operations management , geochemistry , law , political science , gene , geology
Abstract Intrusion detection complements intrusion prevention mechanisms, such as firewalls, cryptography, and authentication, to capture intrusions into an information system while they are acting on the information system. We develop two multivariate quality control techniques based on chi‐square and Canberra distance metrics, respectively, to detect intrusions by building a long‐term profile of normal activities in the information system (norm profile) and using the norm profile to detect anomalies. We investigate the robustness of these two distance metrics by comparing their performance on a number of data sets involving different noise levels in data. The performance results indicate that the Chi‐square distance metric is much more robust to noises than the Canberra distance metric. Copyright © 2002 John Wiley & Sons, Ltd.