NESG


A review of: Hierarchical PCA-Based Multivariate Statistical Network Monitoring for Anomaly Detection

Gabriel Maciá-Fernández; José Camacho; Pedro García-Teodoro; Rafael A. Rodríguez-Gómez
Abstract:
Multivariate Statistical Network Monitoring (MSNM) is a methodology that leverages PCA processing of information to provide insight into the evolution of multiple variables, yielding very good detection results that outperform other current methods. Regrettably, like any other detection approach, it imposes a considerable burden due to the need to transfer traffic-related data. In this paper, we suggest a hierarchical approach for MSNM with two main benefits: it minimizes the amount of data to be transferred through the network, and it provides privacy capabilities. We test the feasibility as well as the detection performance of the proposal within an experimental environment, obtaining detection results that are similar to non-hierarchical MSNM, but exhibiting a considerable reduction in the amount of information sent through the network.
Research areas:
Year:
2017
Type of Publication:
In Proceedings
Keywords:
IDS; SIEM; anomaly detection; MSNM; PCA