Statistical Process Control-Based Intrusion Detection and Monitoring

Authors

  • Yongro Park, Samsung SDS, Seongnam-Si, Gyeonggi-Do, South Korea
  • Seung Hyun Baek (corresponding author), Division of Business Administration, College of Economics and Business Administration, Hanyang University ERICA Campus, Sangnok-Gu, Ansan-Si, Gyeonggi-Do, South Korea. E-mail: sbaek4@hanyang.ac.kr
  • Seong-Hee Kim, School of Industrial and Systems Engineering (ISyE), Georgia Institute of Technology, Atlanta, GA, USA
  • Kwok-Leung Tsui, Department of Systems Engineering and Engineering Management, City University of Hong Kong, Kowloon, Hong Kong

Abstract

Intrusion detection systems play a vital role in protecting computer networks and information systems. In this article, we apply a statistical process control (SPC) monitoring concept to a certain type of traffic data to detect network intrusions. We propose an SPC-based intrusion detection process and describe it together with the source and preparation of the data used in this article. We extracted sample data sets that represent various situations, calculated event intensities for each situation, and stored these sample data sets in a data repository for use in future research. This article applies SPC charting methods to intrusion detection. In particular, it uses the Basic Security Module (BSM) host audit data from the MIT Lincoln Laboratory and applies the Shewhart chart, the cumulative sum (CUSUM) chart, and the exponentially weighted moving average (EWMA) chart to detect a denial-of-service intrusion attack. The case study shows that these SPC techniques are useful for detecting and monitoring intrusions. Copyright © 2013 John Wiley & Sons, Ltd.
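The abstract names three charts but does not show how they behave on an event-intensity series. The following is an added example, not code from the paper or its authors: it builds a per-window event intensity from constructed audit-event timestamps, estimates in-control limits from a baseline window assumed to be attack-free (Phase I), and then runs a one-sided Shewhart chart, a standardized tabular CUSUM (k = 0.5, h = 5) and an EWMA chart (λ = 0.2, L = 3) over a monitored series (Phase II) in which the intensity ramps up gradually before surging, the shape a building denial-of-service condition would give. The chart formulas are the textbook SPC definitions; the parameter values, the data and every function name are this example's own assumptions, not values reported by the paper.

```python
"""
Added example (not from the paper): Shewhart, CUSUM and EWMA charts run over a
per-window "event intensity" series, the statistic the abstract describes
deriving from BSM host audit records.  All data below is constructed.
"""
import math
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List


def event_intensity(timestamps: List[float], window: float,
                    start: float, n_windows: int) -> List[int]:
    """Count audit events per fixed-width time window (the monitored statistic)."""
    counts = [0] * n_windows
    for t in timestamps:
        idx = int((t - start) // window)
        if 0 <= idx < n_windows:
            counts[idx] += 1
    return counts


@dataclass
class Limits:
    """Phase I baseline: in-control mean and standard deviation of the intensity."""
    mu: float
    sigma: float


def estimate_limits(phase1: List[float]) -> Limits:
    """Assumption: phase1 comes from a window known to be attack-free."""
    return Limits(mean(phase1), pstdev(phase1))


def shewhart_alarms(series: List[float], lim: Limits, k: float = 3.0) -> List[int]:
    """Upper Shewhart chart: signal when a single observation exceeds mu + k*sigma.
    One-sided because a DoS shows up as a surge, not a drop, in event intensity."""
    ucl = lim.mu + k * lim.sigma
    return [i for i, x in enumerate(series) if x > ucl]


def cusum_alarms(series: List[float], lim: Limits,
                 k: float = 0.5, h: float = 5.0) -> List[int]:
    """Upper one-sided tabular CUSUM on standardized data:
    S_i = max(0, S_{i-1} + (x_i - mu)/sigma - k); signal when S_i > h.
    Accumulating small positive deviations is what lets it catch a gradual ramp."""
    s, alarms = 0.0, []
    for i, x in enumerate(series):
        s = max(0.0, s + (x - lim.mu) / lim.sigma - k)
        if s > h:
            alarms.append(i)
    return alarms


def ewma_alarms(series: List[float], lim: Limits,
                lam: float = 0.2, L: float = 3.0) -> List[int]:
    """EWMA chart: z_i = lam*x_i + (1-lam)*z_{i-1}, z_0 = mu, with the
    time-varying upper limit mu + L*sigma*sqrt(lam/(2-lam)*(1-(1-lam)^(2i)))."""
    z, alarms = lim.mu, []
    for i, x in enumerate(series, start=1):
        z = lam * x + (1 - lam) * z
        ucl = lim.mu + L * lim.sigma * math.sqrt(
            lam / (2 - lam) * (1 - (1 - lam) ** (2 * i)))
        if z > ucl:
            alarms.append(i - 1)
    return alarms


def monitor(phase1: List[float], phase2: List[float]) -> Dict[str, List[int]]:
    """Run all three charts against one baseline; returns alarm indices per chart."""
    lim = estimate_limits(phase1)
    return {
        "shewhart": shewhart_alarms(phase2, lim),
        "cusum": cusum_alarms(phase2, lim),
        "ewma": ewma_alarms(phase2, lim),
    }


# Constructed baseline (mean 50, sigma 4) and a monitored series in which the
# intensity ramps slowly before jumping, mimicking a DoS that builds up.
PHASE1 = [42, 58, 46, 54, 50, 46, 54, 50, 54, 46, 50, 46, 54, 50, 50, 50]
PHASE2 = [51, 49, 52, 48, 50, 53, 47, 50, 56, 57, 58, 59, 60, 75, 90, 95]

if __name__ == "__main__":
    for chart, idx in monitor(PHASE1, PHASE2).items():
        first = idx[0] if idx else None
        print(f"{chart:9s} first alarm at window {first}, alarms {idx}")
```

On the constructed series the Shewhart chart stays silent until the intensity jumps past mu + 3 sigma at window 13, while the CUSUM and EWMA charts, which accumulate the run of small positive deviations from window 8 onward, both signal at window 11. That two-window difference is the practical reason for comparing the three charts: a Shewhart chart reacts to a single large spike, whereas CUSUM and EWMA are sensitive to a sustained small shift, which is what a gradually escalating attack looks like in per-window counts. The baseline must come from a period known to be free of the behaviour being detected; limits estimated over a window that already contains attack traffic will be inflated and the charts will under-alarm.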
