MULTIVARIATE T2 CONTROL CHART BASED ON JAMES-STEIN AND SUCCESSIVE DIFFERENCE COVARIANCE MATRIX ESTIMATORS FOR INTRUSION DETECTION
Article Sidebar
Published:
Sep 30, 2019
Keywords:
T2 control chart James-Stein estimator successive difference covariance matrix kernel density estimation intrusion detection
Main Article Content
Abstract
The intrusion detection is a process to monitor the events taking place in a computer system or network and analyse the monitoring results to find signs of intrusion. The multivariate control chart, which is often used in the intrusion detection system, is Hotelling's T2. In this study, the Hotelling's T2 chart performance for intrusion detection is improved using the successive difference covariance matrix to estimate the covariance matrix and James-Stein estimator to estimate the mean vector. The control limits of the proposed chart are calculated using kernel density estimation. The performance of the proposed method, using T2 based on kernel density estimation control limit, outperforms the other control chart approaches in both training and testing dataset.
Downloads
Download data is not yet available.
Article Details
How to Cite
Ahsan, M., Mashuri, M., Kuswanto, H., Prastyo, D. D., & Khusna, H. (2019). MULTIVARIATE T2 CONTROL CHART BASED ON JAMES-STEIN AND SUCCESSIVE DIFFERENCE COVARIANCE MATRIX ESTIMATORS FOR INTRUSION DETECTION. Malaysian Journal of Science, 38(Sp2), 23–35. https://doi.org/10.22452/mjs.sp2019no2.3
Section
ISMI-ICTAS18 (Published)
Transfer of Copyrights
- In the event of publication of the manuscript entitled [INSERT MANUSCRIPT TITLE AND REF NO.] in the Malaysian Journal of Science, I hereby transfer copyrights of the manuscript title, abstract and contents to the Malaysian Journal of Science and the Faculty of Science, University of Malaya (as the publisher) for the full legal term of copyright and any renewals thereof throughout the world in any format, and any media for communication.
Conditions of Publication
- I hereby state that this manuscript to be published is an original work, unpublished in any form prior and I have obtained the necessary permission for the reproduction (or am the owner) of any images, illustrations, tables, charts, figures, maps, photographs and other visual materials of whom the copyrights is owned by a third party.
- This manuscript contains no statements that are contradictory to the relevant local and international laws or that infringes on the rights of others.
- I agree to indemnify the Malaysian Journal of Science and the Faculty of Science, University of Malaya (as the publisher) in the event of any claims that arise in regards to the above conditions and assume full liability on the published manuscript.
Reviewer’s Responsibilities
- Reviewers must treat the manuscripts received for reviewing process as confidential. It must not be shown or discussed with others without the authorization from the editor of MJS.
- Reviewers assigned must not have conflicts of interest with respect to the original work, the authors of the article or the research funding.
- Reviewers should judge or evaluate the manuscripts objective as possible. The feedback from the reviewers should be express clearly with supporting arguments.
- If the assigned reviewer considers themselves not able to complete the review of the manuscript, they must communicate with the editor, so that the manuscript could be sent to another suitable reviewer.
Copyright: Rights of the Author(s)
- Effective 2007, it will become the policy of the Malaysian Journal of Science (published by the Faculty of Science, University of Malaya) to obtain copyrights of all manuscripts published. This is to facilitate:
(a) Protection against copyright infringement of the manuscript through copyright breaches or piracy.
(b) Timely handling of reproduction requests from authorized third parties that are addressed directly to the Faculty of Science, University of Malaya. - As the author, you may publish the fore-mentioned manuscript, whole or any part thereof, provided acknowledgement regarding copyright notice and reference to first publication in the Malaysian Journal of Science and Faculty of Science, University of Malaya (as the publishers) are given.
You may produce copies of your manuscript, whole or any part thereof, for teaching purposes or to be provided, on individual basis, to fellow researchers. - You may include the fore-mentioned manuscript, whole or any part thereof, electronically on a secure network at your affiliated institution, provided acknowledgement regarding copyright notice and reference to first publication in the Malaysian Journal of Science and Faculty of Science, University of Malaya (as the publishers) are given.
- You may include the fore-mentioned manuscript, whole or any part thereof, on the World Wide Web, provided acknowledgement regarding copyright notice and reference to first publication in the Malaysian Journal of Science and Faculty of Science, University of Malaya (as the publishers) are given.
- In the event that your manuscript, whole or any part thereof, has been requested to be reproduced, for any purpose or in any form approved by the Malaysian Journal of Science and Faculty of Science, University of Malaya (as the publishers), you will be informed. It is requested that any changes to your contact details (especially e-mail addresses) are made known.
Copyright: Role and responsibility of the Author(s)
- In the event of the manuscript to be published in the Malaysian Journal of Science contains materials copyrighted to others prior, it is the responsibility of current author(s) to obtain written permission from the copyright owner or owners.
- This written permission should be submitted with the proof-copy of the manuscript to be published in the Malaysian Journal of Science
References
Abu‐Shawiesh, M. O. A., Kibria, G., and George, F. (2014). A robust bivariate control chart alternative to the Hotelling’s T2 control chart. Quality and Reliability Engineering International, 30(1): 25–35.
Ahsan, M., Mashuri, M., and Khusna, H. (2017). Evaluation of Laney p’ chart performance. International Journal of Applied Engineering Research, 12(24): 14208–14217.
Ahsan, M., Mashuri, M., and Khusna, H. (2018). Intrusion detection system using bootstrap resampling approach of T2 control chart based on successive difference covariance matrix. Journal of Theoretical and Applied Information Technology, 96(8): 2128–2138.
Ahsan, M., Mashuri, M., Kuswanto, H., Prastyo, D. D., and Khusna, H. (2018a). Multivariate control chart based on PCA mix for variable and attribute quality characteristics. Production & Manufacturing Research, 6(1): 364–384. https://doi.org/10.1080/21693277.2018.1517055
Ahsan, M., Mashuri, M., Kuswanto, H., Prastyo, D. D., and Khusna, H. (2018b). T2 control chart based on successive difference covariance matrix for intrusion detection system. In Journal of Physics: Conference Series, 1028: 12220.
Alfaro, J. L., and Ortega, J. F. (2009). A comparison of robust alternatives to Hotelling’s T2 control chart. Journal of Applied Statistics, 36(12): 1385–1396. https://doi.org/10.1080/02664760902810813
Alkindi, Mashuri, M., and Prastyo, D. D. (2016). T2 hotelling fuzzy and W2 control chart with application to wheat flour production process. In AIP Conference Proceedings, 1746. https://doi.org/10.1063/1.4953977
Arkat, J., Niaki, S. T. A., and Abbasi, B. (2007). Artificial neural networks in applying MCUSUM residuals charts for AR(1) processes. Applied Mathematics and Computation, 189(2): 1889–1901. https://doi.org/10.1016/j.amc.2006.12.081
Bace, R., and Mell, P. (2001). NIST special publication on intrusion detection systems. Special Publication (NIST SP) - 800-31. https://doi.org/10.1016/S1361-3723(01)00614-5
Bersimis, S., Sgora, A., and Psarakis, S. (2016). The application of multivariate statistical process monitoring in non-industrial processes. Quality Technology and Quantitative Management, 3703(September): 1–24. https://doi.org/10.1080/16843703.2016.1226711
Catania, C. A., and Garino, C. G. (2012). Automatic network intrusion detection: Current techniques and open issues. Computers & Electrical Engineering, 38(5): 1062–1072. https://doi.org/10.1016/j.compeleceng.2012.05.013
Chou, Y.-M., Mason, R., and Young, J. (2001). The control chart for individual observations from a multivariate non-normal distribution. Communications in Statistics: Theory & Methods, 30(8-9): 1937-1949. https://doi.org/10.1081/STA-100105706
Chou, Y., Mason, R. L., and Young, J. C. (1999). Power comparisons for a hotelling’s t 2 STATISTIC. Communications in Statistics - Simulation and Computation, 28(4): 1031–1050. https://doi.org/10.1080/03610919908813591
Hawkins, D. M., and Merriam, D. F. (1974). Zonation of multivariate sequences of digitized geologic data. Journal of the International Association for Mathematical Geology, 6(3): 263–269. https://doi.org/10.1007/BF02082892
Holmes, D. S., and Mergen, A. E. (1993). Improving the performance of the T2 control chart. Quality Engineering, 5(4): 619–625. https://doi.org/10.1080/08982119308919004
Hotelling, H. (1974). Multivariate quality control. In Techniques of Statistical Analysis. New York: McGraw-Hill.
Issam, B. K., and Mohamed, L. (2008). Support vector regression based residual MCUSUM control chart for autocorrelated process. Applied
Mathematics and Computation, 201(1–2): 565–574. https://doi.org/10.1016/j.amc.2007.12.059
James, W., and Stein, C. (1961). Estimation with quadratic loss. In Proceedings of the Fourth Berkeley Symposium on Mathematical Statistics and Probability, 1: 361–379.
Khusna, H., Mashuri, M., Ahsan, M., Suhartono, S., and Prastyo, D. D. (2018a). Bootstrap based maximum multivariate CUSUM control chart. Quality Technology & Quantitative Management. https://doi.org/10.1080/16843703.2018.1535765
Khusna, H., Mashuri, M., Suhartono, Prastyo, D. D., and Ahsan, M. (2018b). Multioutput least square SVR based multivariate EWMA control chart. In Journal of Physics: Conference Series, 1028(1): 12221. Retrieved from http://stacks.iop.org/1742-6596/1028/i=1/a=012221
Lehmann, E. L., and Casella, G. (2006). Theory of Point Estimation. Springer Science & Business Media.
Mason, R. L., and Young, J. C. (2002). Multivariate Statistical Process Control with Industrial Applications. Society for Industrial and Applied
Mathematics. Retrieved from http://epubs.siam.org/doi/book/10.1137/1.9780898718461
Montgomery, D. (2009). Introduction to Statistical Quality Control. New York: John Wiley & Sons Inc. https://doi.org/10.1002/1521-3773(20010316)40:6<9823::AID-ANIE9823>3.3.CO;2-C
Murray Rosenblatt. (1956). Remarks on Some Nonparametric Estimates of a Density Function. The Annals of Mathematical Statistics, 27: 832–837. https://doi.org/10.1214/aoms/1177728190
Page, E. S. (1961). Cumulative Sum Charts. Technometrics, 3(1): 1–9. https://doi.org/10.1080/00401706.1961.10489922
Park, Y. (2005). A Statistical Process Control Approach for Network Intrusion Detection. Georgia Insitute of Technology.
Parzen, E. (1962). On estimation of a probability density function and mode. The Annals of Mathematical Statistics, 33(3): 1065–1076. https://doi.org/10.1214/aoms/1177704472
Phaladiganon, P., Kim, S. B., Chen, V. C. P., Baek, J.-G., and Park, S.-K. (2011). Bootstrap-based T2 multivariate control charts. Communications in
Statistics - Simulation and Computation, 40(5): 645–662. https://doi.org/10.1080/03610918.2010.549989
Phaladiganon, P., Kim, S. B., Chen, V. C. P., and Jiang, W. (2013). Principal component analysis-based control charts for multivariate nonnormal distributions. Expert Systems with Applications, 40(8): 3044–3054. https://doi.org/10.1016/j.eswa.2012.12.020
Pirhooshyaran, M., and Niaki, S. T. A. (2015). A double-max MEWMA scheme for simultaneous monitoring and fault isolation of multivariate multistage auto-correlated processes based on novel reduced-dimension statistics. Journal of Process Control, 29: 11–22. https://doi.org/10.1016/j.jprocont.2015.03.008
Roberts, S. W. (1959). Control Chart Tests Based on Geometric Moving Averages. Technometrics, 1(3): 239–250. https://doi.org/10.1080/00401706.1959.10489860
Shenfield, A., Day, D., and Ayesh, A. (2018). Intelligent intrusion detection systems using artificial neural networks. ICT Express, 4(2): 95-99.
Shewhart, W. A. (1924). Some applications of statistical methods to the analysis of physical and engineering data. Bell Labs Technical Journal, 3(1): 43–87.
Stein, C. (1956). Inadmissibility of the Usual Estimator for the Mean of a Multivariate Normal Distribution. United States: Stanford University Stanford.
Stolfo, S. J. (1999). KDD cup 1999 dataset. UCI KDD Repository. Http://Kdd.Ics.Uci.Edu, 0.
Sullivan, J. H., and Woodall, W. H. (1996). A comparison of multivariate control charts for individual observations. Journal of Quality Technology, 28(4): 398–408.
Tavallaee, M., Bagheri, E., Lu, W., and Ghorbani, A. A. (2009). A detailed analysis of the KDD CUP 99 data set. In IEEE Symposium on Computational Intelligence for Security and Defense Applications, CISDA 2009. https://doi.org/10.1109/CISDA.2009.5356528
Vargas, N. J. (2003). Robust estimation in multivariate control charts for individual observations. Journal of Quality Technology, 35(4): 367–376.
Wang, H., Huwang, L., and Yu, J. H. (2015). Multivariate control charts based on the James–Stein estimator. European Journal of Operational Research, 246(1): 119–127.
Wibawati, Mashuri, M., Purhadi, and Irhamah. (2016). Fuzzy multinomial control chart and its application. In AIP Conference Proceedings, 1718(1): 110004. https://doi.org/10.1063/1.4943351
Wibawati, Mashuri, M., Purhadi, Irhamah, and Ahsan, M. (2018). Performance fuzzy multinomial control chart. In Journal of Physics: Conference Series, 1028(1): 12120. Retrieved from http://stacks.iop.org/1742-6596/1028/i=1/a=012120
Williams, J. D., Woodall, W. H., Birch, J. B., and Sullivan, J. O. E. H. (2006). On the distribution of Hotelling’s T2 statistic based on the successive differences covariance matrix estimator. Journal of Quality Technology, 38: 217–229.
Wororomi, J. K., Mashuri, M., Irhamah, and Arifin, A. Z. (2014). On monitoring shift in the mean processes with vector autoregressive residual control charts of individual observation. Applied Mathematical Sciences, 8: 3491–3499. https://doi.org/10.12988/ams.2014.44298
Ahsan, M., Mashuri, M., and Khusna, H. (2017). Evaluation of Laney p’ chart performance. International Journal of Applied Engineering Research, 12(24): 14208–14217.
Ahsan, M., Mashuri, M., and Khusna, H. (2018). Intrusion detection system using bootstrap resampling approach of T2 control chart based on successive difference covariance matrix. Journal of Theoretical and Applied Information Technology, 96(8): 2128–2138.
Ahsan, M., Mashuri, M., Kuswanto, H., Prastyo, D. D., and Khusna, H. (2018a). Multivariate control chart based on PCA mix for variable and attribute quality characteristics. Production & Manufacturing Research, 6(1): 364–384. https://doi.org/10.1080/21693277.2018.1517055
Ahsan, M., Mashuri, M., Kuswanto, H., Prastyo, D. D., and Khusna, H. (2018b). T2 control chart based on successive difference covariance matrix for intrusion detection system. In Journal of Physics: Conference Series, 1028: 12220.
Alfaro, J. L., and Ortega, J. F. (2009). A comparison of robust alternatives to Hotelling’s T2 control chart. Journal of Applied Statistics, 36(12): 1385–1396. https://doi.org/10.1080/02664760902810813
Alkindi, Mashuri, M., and Prastyo, D. D. (2016). T2 hotelling fuzzy and W2 control chart with application to wheat flour production process. In AIP Conference Proceedings, 1746. https://doi.org/10.1063/1.4953977
Arkat, J., Niaki, S. T. A., and Abbasi, B. (2007). Artificial neural networks in applying MCUSUM residuals charts for AR(1) processes. Applied Mathematics and Computation, 189(2): 1889–1901. https://doi.org/10.1016/j.amc.2006.12.081
Bace, R., and Mell, P. (2001). NIST special publication on intrusion detection systems. Special Publication (NIST SP) - 800-31. https://doi.org/10.1016/S1361-3723(01)00614-5
Bersimis, S., Sgora, A., and Psarakis, S. (2016). The application of multivariate statistical process monitoring in non-industrial processes. Quality Technology and Quantitative Management, 3703(September): 1–24. https://doi.org/10.1080/16843703.2016.1226711
Catania, C. A., and Garino, C. G. (2012). Automatic network intrusion detection: Current techniques and open issues. Computers & Electrical Engineering, 38(5): 1062–1072. https://doi.org/10.1016/j.compeleceng.2012.05.013
Chou, Y.-M., Mason, R., and Young, J. (2001). The control chart for individual observations from a multivariate non-normal distribution. Communications in Statistics: Theory & Methods, 30(8-9): 1937-1949. https://doi.org/10.1081/STA-100105706
Chou, Y., Mason, R. L., and Young, J. C. (1999). Power comparisons for a hotelling’s t 2 STATISTIC. Communications in Statistics - Simulation and Computation, 28(4): 1031–1050. https://doi.org/10.1080/03610919908813591
Hawkins, D. M., and Merriam, D. F. (1974). Zonation of multivariate sequences of digitized geologic data. Journal of the International Association for Mathematical Geology, 6(3): 263–269. https://doi.org/10.1007/BF02082892
Holmes, D. S., and Mergen, A. E. (1993). Improving the performance of the T2 control chart. Quality Engineering, 5(4): 619–625. https://doi.org/10.1080/08982119308919004
Hotelling, H. (1974). Multivariate quality control. In Techniques of Statistical Analysis. New York: McGraw-Hill.
Issam, B. K., and Mohamed, L. (2008). Support vector regression based residual MCUSUM control chart for autocorrelated process. Applied
Mathematics and Computation, 201(1–2): 565–574. https://doi.org/10.1016/j.amc.2007.12.059
James, W., and Stein, C. (1961). Estimation with quadratic loss. In Proceedings of the Fourth Berkeley Symposium on Mathematical Statistics and Probability, 1: 361–379.
Khusna, H., Mashuri, M., Ahsan, M., Suhartono, S., and Prastyo, D. D. (2018a). Bootstrap based maximum multivariate CUSUM control chart. Quality Technology & Quantitative Management. https://doi.org/10.1080/16843703.2018.1535765
Khusna, H., Mashuri, M., Suhartono, Prastyo, D. D., and Ahsan, M. (2018b). Multioutput least square SVR based multivariate EWMA control chart. In Journal of Physics: Conference Series, 1028(1): 12221. Retrieved from http://stacks.iop.org/1742-6596/1028/i=1/a=012221
Lehmann, E. L., and Casella, G. (2006). Theory of Point Estimation. Springer Science & Business Media.
Mason, R. L., and Young, J. C. (2002). Multivariate Statistical Process Control with Industrial Applications. Society for Industrial and Applied
Mathematics. Retrieved from http://epubs.siam.org/doi/book/10.1137/1.9780898718461
Montgomery, D. (2009). Introduction to Statistical Quality Control. New York: John Wiley & Sons Inc. https://doi.org/10.1002/1521-3773(20010316)40:6<9823::AID-ANIE9823>3.3.CO;2-C
Murray Rosenblatt. (1956). Remarks on Some Nonparametric Estimates of a Density Function. The Annals of Mathematical Statistics, 27: 832–837. https://doi.org/10.1214/aoms/1177728190
Page, E. S. (1961). Cumulative Sum Charts. Technometrics, 3(1): 1–9. https://doi.org/10.1080/00401706.1961.10489922
Park, Y. (2005). A Statistical Process Control Approach for Network Intrusion Detection. Georgia Insitute of Technology.
Parzen, E. (1962). On estimation of a probability density function and mode. The Annals of Mathematical Statistics, 33(3): 1065–1076. https://doi.org/10.1214/aoms/1177704472
Phaladiganon, P., Kim, S. B., Chen, V. C. P., Baek, J.-G., and Park, S.-K. (2011). Bootstrap-based T2 multivariate control charts. Communications in
Statistics - Simulation and Computation, 40(5): 645–662. https://doi.org/10.1080/03610918.2010.549989
Phaladiganon, P., Kim, S. B., Chen, V. C. P., and Jiang, W. (2013). Principal component analysis-based control charts for multivariate nonnormal distributions. Expert Systems with Applications, 40(8): 3044–3054. https://doi.org/10.1016/j.eswa.2012.12.020
Pirhooshyaran, M., and Niaki, S. T. A. (2015). A double-max MEWMA scheme for simultaneous monitoring and fault isolation of multivariate multistage auto-correlated processes based on novel reduced-dimension statistics. Journal of Process Control, 29: 11–22. https://doi.org/10.1016/j.jprocont.2015.03.008
Roberts, S. W. (1959). Control Chart Tests Based on Geometric Moving Averages. Technometrics, 1(3): 239–250. https://doi.org/10.1080/00401706.1959.10489860
Shenfield, A., Day, D., and Ayesh, A. (2018). Intelligent intrusion detection systems using artificial neural networks. ICT Express, 4(2): 95-99.
Shewhart, W. A. (1924). Some applications of statistical methods to the analysis of physical and engineering data. Bell Labs Technical Journal, 3(1): 43–87.
Stein, C. (1956). Inadmissibility of the Usual Estimator for the Mean of a Multivariate Normal Distribution. United States: Stanford University Stanford.
Stolfo, S. J. (1999). KDD cup 1999 dataset. UCI KDD Repository. Http://Kdd.Ics.Uci.Edu, 0.
Sullivan, J. H., and Woodall, W. H. (1996). A comparison of multivariate control charts for individual observations. Journal of Quality Technology, 28(4): 398–408.
Tavallaee, M., Bagheri, E., Lu, W., and Ghorbani, A. A. (2009). A detailed analysis of the KDD CUP 99 data set. In IEEE Symposium on Computational Intelligence for Security and Defense Applications, CISDA 2009. https://doi.org/10.1109/CISDA.2009.5356528
Vargas, N. J. (2003). Robust estimation in multivariate control charts for individual observations. Journal of Quality Technology, 35(4): 367–376.
Wang, H., Huwang, L., and Yu, J. H. (2015). Multivariate control charts based on the James–Stein estimator. European Journal of Operational Research, 246(1): 119–127.
Wibawati, Mashuri, M., Purhadi, and Irhamah. (2016). Fuzzy multinomial control chart and its application. In AIP Conference Proceedings, 1718(1): 110004. https://doi.org/10.1063/1.4943351
Wibawati, Mashuri, M., Purhadi, Irhamah, and Ahsan, M. (2018). Performance fuzzy multinomial control chart. In Journal of Physics: Conference Series, 1028(1): 12120. Retrieved from http://stacks.iop.org/1742-6596/1028/i=1/a=012120
Williams, J. D., Woodall, W. H., Birch, J. B., and Sullivan, J. O. E. H. (2006). On the distribution of Hotelling’s T2 statistic based on the successive differences covariance matrix estimator. Journal of Quality Technology, 38: 217–229.
Wororomi, J. K., Mashuri, M., Irhamah, and Arifin, A. Z. (2014). On monitoring shift in the mean processes with vector autoregressive residual control charts of individual observation. Applied Mathematical Sciences, 8: 3491–3499. https://doi.org/10.12988/ams.2014.44298