An anomaly detection system based on the multivariate control charts

Bibliographic Details
Main Authors: Chang, Yu-Jui, 張育睿
Other Authors: 吳繼澄
Format: Others
Language: zh-TW
Published: 2013
Online Access: http://ndltd.ncl.edu.tw/handle/52947998112151088228
Description
Summary: Master's === National Pingtung University of Science and Technology === Department of Industrial Management === 101 === The variety of network applications provides convenient services to users and creates many commercial markets. However, many network hacking activities attack these services and cause extensive damage and inconvenience. It is very important for network managers to protect the services and improve QoS and security. Many network intrusion detection systems have been developed to protect the services. Systems that use only a single signature to detect abnormal behavior achieve limited accuracy. In this paper we use a multivariate statistical process control (MSPC) scheme to establish the control charts. The network traffic data were collected from Ming Chuan University. The dataset is stored in NetFlow format and dates from 2012/05/15 to 2012/06/22. Three parameters (connection numbers, packet numbers and packet octets) are computed to create the Hotelling's T² control chart and the MEWMA control chart to monitor traffic behavior. We use NS2 simulation to generate normal and abnormal traffic data to calculate the  values for the control chart. False positive rates and false negative rates are computed for different control limits and λ values. The results show that multivariate control charts are better than univariate control charts when the correlation coefficients between the parameters are high.