Article ID: | iaor20072565 |
Country: | Netherlands |
Volume: | 42 |
Issue: | 1 |
Start Page Number: | 375 |
End Page Number: | 389 |
Publication Date: | Oct 2006 |
Journal: | Decision Support Systems |
Authors: | Zhang Jing, Wu Ningning |
This paper presents a novel anomaly detection and clustering algorithm for network intrusion detection based on factor analysis and Mahalanobis distance. Factor analysis is used to uncover the latent structure of a set of variables. The Mahalanobis distance is used to determine the ‘similarity’ of a set of values from an ‘unknown’ sample to a set of values measured from a collection of ‘known’ samples. By utilizing factor analysis and Mahalanobis distance, we developed an algorithm 1) to identify outliers based on a trained model, and 2) to cluster attacks by abnormal features.