A Reconfigurable Architecture for Network Intrusion Detection Using Principal Component Analysis
Source: Northwestern University
This paper develops architecture for Principal Component Analysis (PCA) to be used as an outlier detection method for high-speed Network Intrusion Detection Systems (NIDS). PCA is a common statistical method used in multivariate optimization problems in order to reduce the dimensionality of data while retaining a large fraction of the data characteristic. First, PCA is used to project the training set onto eigenspace vectors representing the mean of the data. These eigenspace vectors are then used to predict malicious connections in a workload containing normal and attack behavior. This simulations show that the architecture correctly classifies attacks with detection rates exceeding 99% and false alarms rates as low as 1.95%.