Traditional multivariate control charts for network intrusion detection encounter significant challenges including false alarms due to non-conforming network data traffic distributions, limitations in identifying outlier intrusions caused by masking effects, and handling diverse data types. This paper introduces a T²-based multivariate control chart that leverages dimensional reduction techniques using Factor Analysis of Mixed Data (FAMD) and Autoencoder to address these issues. FAMD reduces data with both quantitative and qualitative variables, while Autoencoder focuses on dimensionality reduction for quantitative variables, enhancing multivariate control chart performance. The proposed chart, a modified T², is compared to conventional T² with dimensionality reduction through FAMD and Autoencoder. Results from simulating data using UNSW-NB 15 demonstrate T²'s superior performance with dimensionality reduction compared to conventional T². Under various conditions, conventional control chart T achieves 64% accuracy, T² with FAMD achieves 74%, and T² with Autoencoder reaches 76%. Notably, T² with FAMD excels in detecting normal activity as intrusion compared to Autoencoder. This approach holds promise for improving network intrusion detection accuracy, especially in mixed-data environments.

statistics; Autoencoder; FAMD; Hotelling T2 Control Chart; Intrusion Detection

R. Heady, G. Luger, A. Maccabe, and M. Servilla, “The Architectur of a Network Level Intrusion Detection System,” 1990, doi: https://doi.org/10.2172/425295.

M. A. Aydın, A. H. Zaim, and K. G. Ceylan, “A hybrid intrusion detection system design for computer network security,” Comput. Electr. Eng., vol. 35, no. 3, pp. 517–526, 2009, doi: 10.1016/j.compeleceng.2008.12.005.

N. Kumar, “Advancements in Statistical Quality Control Standards,” Int. J. Emerg. Technol. Innov. Res., vol. 6, no. 4, pp. 196–205, 2019.

S. Bersimis, A. Sgora, and S. Psarakis, “The application of multivariate statistical process monitoring in non-industrial processes,” Qual. Technol. Quant. Manag., vol. 3703, pp. 1–24, 2018, doi: 10.1080/16843703.2016.1226711.

C. A. Lowry and D. C. Montgomery, “A review of multivariate control charts,” IIE Trans. (Institute Ind. Eng., vol. 27, no. 6, pp. 800–810, 1995, doi: 10.1080/07408179508936797.

N. Ye, X. Li, Q. Chen, S. M. Emran, and M. Xu, “Probabilistic techniques for intrusion detection based on computer audit data,” IEEE Trans. Syst. Man, Cybern. Part ASystems Humans., vol. 31, no. 4, pp. 266–274, 2001, doi: 10.1109/3468.935043.

R. Rastogi, Z. Khan, and M. H. Khan, “Network Anomalies Detection Using Statistical Technique : A Chi- Square approach,” Int. J. Comput. Sci. Issues, vol. 9, pp. 515–522, 2012.

D. Montgomery, Introduction to Statistical Quality Control, 6th Editio. New Jersey: John Wiley & Sons, Inc, 2009.

C T. Kourti, “Application of latent variable methods to process control and multivariate statistical process control in industry,” Int. J. Adapt. Control Signal Process., vol. 19, no. 4, pp. 213–246, 2005, doi: 10.1002/acs.859.

R. L. Mason and J. C. Young, Multivariate Statistical Process Control with Industrial Applications. 2002.

I. T. Jollife and J. Cadima, “Principal component analysis: A review and recent developments,” Philos. Trans. R. Soc. A Math. Phys. Eng. Sci., vol. 374, no. 20150202, 2016, doi: 10.1098/rsta.2015.0202.

X. Ran, “Using the Dimension Reduction Method FAMD in the Data Pre-processing Step for Risk Prediction and for Unsupervised Clustering,” University of Pittsburgh, 2019.

M. Sakurada and T. Yairi, “Anomaly detection using autoencoders with nonlinear dimensionality reduction,” ACM Int. Conf. Proceeding Ser., vol. 02-Decembe, pp. 4–11, 2014, doi: 10.1145/2689746.2689747.

J. Pagès, “ANALYSE FACTORIELLE DE DONNÉES MIXTES : PRINCIPE ET EXEMPLE D’APPLICATION,” Rev. Stat. appliquée, vol. 5, no. 4, pp. 93–111, 2002.

M. A. Kramer, “Nonlinear Principal Component Analysis using Autoassociative Neural Networks,” AIChE J., vol. 37, no. 2, pp. 233–243, 1991, doi: 10.1002/aic.690370209.

G. Qu, S. Hariri, and M. Yousif, “Multivariate Statistical Analysis for Network Attacks Detection,” 3rd ACS/IEEE Interenational Conf. Comput. Syst. Appl., pp. 9–14, 2005.

N. Ye, D. Parmar, and C. M. Borror, “A Hybrid SPC Method with the Chi-Square Distance Monitoring Procedure for Large-scale, Complex Process Data,” Qual. Reliab. Eng. Int., no. 22, pp. 393–402, 2006, doi: 10.1002/qre.717.

A. A. Sivasamy and B. Sundan, “A Dynamic Intrusion Detection System Based on Multivariate Hotelling ’ s T2 Statistics Approach for Network Environments,” Sci. World J., vol. 2015, 2015, doi: 10.1155/2015/850153.

H. Hotelling, “Multivariate Quality Control, Illustrated by The Air Testing of Sample Bombsights,” Tech. Stat. Anal., pp. 111–184, 1947.

P. Vincent, H. Larochelle, Y. Bengio, and P.-A. Manzagol, “Extracting and Composing Robust Features with Denoising Autoencoders,” Int. Conf. Mach. Learn., 2008.

P. Vincent, H. Larochelle, I. Lajoie, Y. Bengio, and P. A. Manzagol, “Stacked denoising autoencoders: Learning Useful Representations in a Deep Network with a Local Denoising Criterion,” J. Mach. Learn. Res., vol. 11, pp. 3371–3408, 2010.