Group-Wise Principal Component Analysis for Exploratory Intrusion Detection
Metadata
Author
Camacho Páez, José; Theron, Roberto; García Giménez, José M.; Macía Fernández, Gabriel; García Teodoro, Pedro
Publisher
IEEE
Subject
Principal component analysis; Group-wise Principal Component Analysis; Anomaly detection; Intrusion Detection
Date
2019-08-13
Bibliographic reference
Camacho, J., Therón, R., García-Giménez, J. M., Maciá-Fernández, G., & García-Teodoro, P. (2019). Group-Wise Principal Component Analysis for Exploratory Intrusion Detection. IEEE Access, 7, 113081-113093.
Sponsorship
This work was supported in part by the Spanish Government-MINECO (Ministerio de Economía y Competitividad), using the Fondo Europeo de Desarrollo Regional (FEDER), under Projects TIN2014-60346-R and Project TIN2017-83494-R.
Abstract
Intrusion detection is a relevant layer of cybersecurity to prevent hacking and illegal activities from happening on the assets of corporations. Anomaly-based Intrusion Detection Systems perform an unsupervised analysis on data collected from the network and end systems in order to identify singular events. While this approach may produce many false alarms, it is also capable of identifying new (zero-day) security threats. In this context, the use of multivariate approaches such as Principal Component Analysis (PCA) has provided promising results in the past. PCA can be used in exploratory mode or in learning mode. Here, we propose an exploratory intrusion detection approach that replaces PCA with Group-wise PCA (GPCA), a recently proposed data analysis technique with additional exploratory characteristics. A main advantage of GPCA over PCA is that the former yields simple models that are easy to understand by security professionals not trained in multivariate tools. Besides, the intrusion detection workflow with GPCA is more coherent with dominant strategies in intrusion detection. We illustrate the application of GPCA in two case studies.