Comparing the performance of T 2 chart based on PCA Mix, Kernel PCA Mix, and Mixed Kernel PCA for Network Anomaly Detection

Statistical Process Control (SPC) is not only used to monitor the quality of manufacturing processes and services but also is applied to detect intrusions in the network. Hotelling’s T 2 chart is the SPC method that has been widely developed for intrusion detection. However, in its application, the conventional Hotelling’s T 2 chart has several drawbacks such as less effective when used to monitor large observations and quality characteristics. Conventional Hotelling’s T 2 chart is not perform-well for non-Gaussian distributed data. Also, the current conventional control chart has not been able to monitor the processes which have mixed quality characteristics. To overcome these weaknesses, two types of the control chart is proposed in this study, namely, the multivariate control chart based on Principal Component Analysis (PCA) Mix and Kernel PCA. For Kernel PCA chart, two schemes are developed, that is Kernel PCA Mix and Mixed Kernel PCA control charts. Kernel Density Estimation (KDE) is employed to estimate the control limits of the developed charts. In monitoring the network intrusion, the proposed control charts are applied to well-known NSL-KDD dataset. The evaluation performance shows that the PCA Mix chart can detect attacks occurred on the network more accurate and faster compared to the Kernel PCA Mix and Mixed Kernel PCA charts.