Anomaly Detection in IP Networks With Principal Component Analysis

Date Added: Sep 2009
Format: PDF

In this paper, the authors study the application of Principal Component Analysis (PCA) to anomaly detection in IP networks. The algorithm is based on detecting changes in traffic feature distributions aggregated by sample entropy. This detection method was originally proposed to detect anomalous traffic on origin-destination flows in backbone networks. The authors have adjusted the algorithm so that it works with network traffic captured from a single network interface, which makes it possible to implement the algorithm in any IP network. The experimental results show that their implementation can detect some types of known anomalies. Because the algorithm is also able to detect unknown types of anomalies, it can also be implemented as a preliminary detection system.