MULTIVARIATE T2 CONTROL CHART BASED ON JAMES-STEIN AND SUCCESSIVE DIFFERENCE COVARIANCE MATRIX ESTIMATORS FOR INTRUSION DETECTION
Abstract
Intrusion detection is the process of monitoring the events taking place in a computer system or network and analysing the monitoring results to find signs of intrusion. The multivariate control chart most often used in intrusion detection systems is Hotelling's T2. In this study, the performance of the Hotelling's T2 chart for intrusion detection is improved by using the successive difference covariance matrix to estimate the covariance matrix and the James-Stein estimator to estimate the mean vector. The control limits of the proposed chart are calculated using kernel density estimation. The proposed method, a T2 chart with a kernel density estimation control limit, outperforms the other control chart approaches on both the training and testing datasets.
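A sketch of the chart described in the abstract, added here as an illustration and not taken from the article or its authors: a successive difference covariance matrix, a James-Stein mean, T2 scores, and a kernel density estimation control limit. The zero shrinkage target, the Gaussian kernel with a rule-of-thumb bandwidth, `alpha=0.01`, and the constructed three-feature data are all assumptions.

```python
import math, random

def quad(d, S):
    """Return d' S^-1 d via Gauss-Jordan elimination (S must be non-singular)."""
    n, M = len(d), [row[:] + [di] for row, di in zip(S, d)]
    for c in range(n):
        piv = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[piv] = M[piv], M[c]
        for r in range(n):
            if r != c:
                f = M[r][c] / M[c][c]
                M[r] = [u - f * w for u, w in zip(M[r], M[c])]
    return sum(d[i] * M[i][n] / M[i][i] for i in range(n))

def sd_cov(X):
    """Successive difference covariance: sum(v v') / (2(n-1)), v = x[i+1] - x[i]."""
    n, p = len(X), len(X[0])
    V = [[b - a for a, b in zip(X[i], X[i + 1])] for i in range(n - 1)]
    return [[sum(v[j] * v[k] for v in V) / (2 * (n - 1)) for k in range(p)] for j in range(p)]

def js_mean(X, S, target):
    """James-Stein mean: shrink the sample mean toward `target` (an assumed prior)."""
    n, p = len(X), len(X[0])
    d = [sum(col) / n - t for col, t in zip(zip(*X), target)]
    q = quad(d, S)
    shrink = max(0.0, 1 - (p - 2) / (n * q)) if q > 0 else 0.0
    return [t + shrink * di for t, di in zip(target, d)]

def t2(x, mu, S):
    return quad([a - m for a, m in zip(x, mu)], S)

def kde_limit(vals, alpha=0.01):
    """Control limit: (1 - alpha) quantile of a Gaussian KDE fitted to vals."""
    n, m = len(vals), sum(vals) / len(vals)
    h = 1.06 * math.sqrt(sum((v - m) ** 2 for v in vals) / (n - 1)) * n ** -0.2
    cdf = lambda t: sum(0.5 * (1 + math.erf((t - v) / (h * 2 ** 0.5))) for v in vals) / n
    lo, hi = min(vals) - 10 * h, max(vals) + 10 * h
    for _ in range(60):  # bisection on the monotone KDE CDF
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if cdf(mid) < 1 - alpha else (lo, mid)
    return hi

def demo():
    rng = random.Random(7)  # constructed in-control sample: 200 rows, 3 features
    train = [[rng.gauss(0, 1) for _ in range(3)] for _ in range(200)]
    S = sd_cov(train)
    mu = js_mean(train, S, [0.0] * 3)
    ucl = kde_limit([t2(x, mu, S) for x in train])
    probes = {"typical": [0.3, -0.2, 0.1], "burst": [6.0, 5.0, -4.0]}  # constructed
    return ucl, {k: t2(v, mu, S) > ucl for k, v in probes.items()}
```

`demo()` returns the fitted control limit and, for each constructed probe, whether its T2 score exceeds that limit and would be raised as an alert.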
Licensee MJS, Universiti Malaya, Malaysia. This article is an open-access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).