Modified Batch Mean Charts for Network Intrusion Detection

Authors

  • Yongro Park SAMSUNG SDS
  • Seung Hyun Baek Hanyang University, Ansan, South Korea
  • Seong-Hee Kim Georgia Institute of Technology
  • Kwok-Leung Tsui City University of Hong Kong

DOI:

https://doi.org/10.23055/ijietap.2020.27.1.3504

Keywords:

batch mean chart, intrusion detection, modified batch mean chart, robust version of batch mean chart, statistical process control

Abstract

This paper presents modified batch mean (MBM) charts for network intrusion detection, along with 3 variants of the MBM chart. Simulations based on standard control limits and robust control limits are performed with 4 factors: cycle, noise, batch size, and signal type. A regular batch mean chart was used to remove the sample data’s inherent 60-second cycles. However, this proved too slow in detecting a signal because the regular batch mean chart only monitored the statistic at the end of the batch. The simulation studies showed that the MBM charts perform especially well with large signals, the type of signal typically associated with a denial-of-service intrusion. To gain faster results, the MBM charts were developed, and they met this goal. The MBM charts can be applied in two ways: by using actual control limits or by using robust control limits.

Author Biographies

Yongro Park, SAMSUNG SDS

Dr. Yongro Park is a principal consultant at Samsung SDS. He received a B.S. & M.S. in Industrial Engineering from Seoul National University (SNU) and an M.S. & Ph.D. in Industrial and Systems Engineering from Georgia Institute of Technology.

Dr. Park’s research interests include monitoring and control procedures for financial market data, optimization via rule-based simulation, statistical output analysis, and quality control.

Seung Hyun Baek, Hanyang University, Ansan, South Korea

Dr. Seung Hyun Baek is an associate professor of Division of Business Administration in College of Economics & Business Administration at Hanyang University ERICA campus. He received a B.S. in Industrial Engineering from Myongji University and an M.S. in Industrial and Systems Engineering from Georgia Institute of Technology and a Ph.D. in Industrial and Information Engineering from University of Tennessee, Knoxville.

Dr. Baek’s research interests are total quality management, supply chain management, operations management, management science, business intelligence & analytics, statistical data mining, machine learning, and business consulting methodology.

Seong-Hee Kim, Georgia Institute of Technology

Dr. Seong-Hee Kim is a professor in Industrial and Systems Engineering at Georgia Institute of Technology. She received a B.S. in Industrial Management from Korea Advanced Institute of Science and Technology (KAIST) and an M.S. & Ph.D. in Industrial Engineering and Management Sciences from Northwestern University.

Dr. Kim’s research interest centers on ranking and selection procedures for stochastic simulation, optimization via simulation, statistical output analysis, quality control, and applications of simulation methods to environmental management. Dr. Kim received the INFORMS Simulation Society Outstanding Simulation Publication Award in 2006 and the NSF Career Award in 2007.

Kwok-Leung Tsui, City University of Hong Kong

Dr. Kwok-Leung Tsui is a chair professor and the head of Systems Engineering and Engineering Management in the Department of Systems Engineering and Engineering Management and Mechanical and Biomedical Engineering at City University of Hong Kong. He has a B.Sc. in Chemistry and an M.Ph. in Mathematics, both from the Chinese University of Hong Kong, and a Ph.D. in Statistics from the University of Wisconsin at Madison.

Dr. Tsui was a recipient of the 1992 NSF Young Investigator Award. He was the (elected) President and Vice President of the American Statistical Association Atlanta Chapter in 1992-1993. Dr. Tsui was the Chair of the INFORMS Section in Quality, Statistics, and Reliability (QSR) in 2000.

Dr. Tsui’s research interests include robust design and the Taguchi method, experimental design, statistical process control, data mining, supply chain management, design and modeling of computer experiments, and design and analysis of coordinate measuring machine experiments.

Published

2020-02-17

How to Cite

Park, Y., Baek, S. H., Kim, S.-H., & Tsui, K.-L. (2020). Modified Batch Mean Charts for Network Intrusion Detection. International Journal of Industrial Engineering: Theory, Applications and Practice, 27(1). https://doi.org/10.23055/ijietap.2020.27.1.3504

Issue

Section

Quality, Reliability, Maintenance Engineering