Title: Statistical Process Control Method for Cyber Intrusion Detection (DDoS, U2R, R2L, Probe)

Issue Number: Vol. 8, No. 1
Year of Publication: March - 2019
Page Numbers: 82-88
Authors: Dimitris Sklavounos, Alexandros Leondakianakos, Aloysius Edoh
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong
DOI:  http://dx.doi.org/10.17781/P002560


A new method of cyber intrusion detection is proposed in the present work. A statistical process control technique with a significant potential has been utilized for this purpose, namely the Exponential Weighted Moving Average (EWMA) chart. The experimental dataset was the widely used NSL-KDD, and the proposed method is focused on the "source bytes" attribute and in the range of 0 to 1000 bytes. The evaluated types of intrusion were: Denial of service (DoS), User to Root (U2R), Root to Local (R2L) and Probe, in a single or multiple attacking manner. The normal situation (with no attacks involved) under which a hypothetical network operates has been considered as a normal process and the method was evaluated as effective enough for all attacks with source bytes that cause diversions from the normal process.