As the number, complexity and diversity of cyber threats in network infrastructures continue to increase, anomaly detection techniques constitute a crucial alternative for enhancing network security. Principal Component Analysis (PCA) is a widely used statistical methodology for network anomaly detection. Despite its ability to detect traffic anomalies, relevant research has highlighted certain drawbacks of this technique. In our work we develop the Iterative PCA (IPCA) method to address those shortcomings. We aim to provide a useful tool that will enable a network administrator to identify network anomalies. The results of our experimentation are encouraging. They indicate that IPCA possesses promising capabilities in efficiently detecting anomalies while mitigating the limitations of the classical PCA approach.

Additional Metadata
Keywords: Entropy, Fires, IP networks, Iterative methods, Principal component analysis, Yttrium
Persistent URL: dx.doi.org/10.1109/MILCOM.2015.7357512
Conference: 34th Annual IEEE Military Communications Conference, MILCOM 2015
Citation
Delimargas, A. (Athanasios), Skevakis, E. (Emmanouil), Halabian, H. (Hassan), Lambadaris, I., Seddigh, N. (Nabil), Nandy, B. (Biswajit), & Makkar, R. (Rupinder). (2015). IPCA for network anomaly detection. Presented at the 34th Annual IEEE Military Communications Conference, MILCOM 2015. doi:10.1109/MILCOM.2015.7357512