| Article ID: | iaor20072565 |
| Country: | Netherlands |
| Volume: | 42 |
| Issue: | 1 |
| Start Page Number: | 375 |
| End Page Number: | 389 |
| Publication Date: | Oct 2006 |
| Journal: | Decision Support Systems |
| Authors: | Zhang Jing, Wu Ningning |
This paper presents a novel anomaly detection and clustering algorithm for the network intrusion detection based on factor analysis and Mahalanobis distance. Factor analysis is used to uncover the latent structure of a set of variables. The Mahalanobis distance is used to determine the ‘similarity’ of a set of values from an ‘unknown’ sample to a set of values measured from a collection of ‘known’ samples. By utilizing factor analysis and Mahalanobis distance, we developed an algorithm 1) to identify outliers based on a trained model, and 2) to cluster attacks by abnormal features.