Iterative Principal Component Analysis (IPCA) for Network Anomaly Detection

Due to a plethora of network anomalies and their rapid increase both in complexity and diversity, an ongoing research for security countermeasures is emerging. Princi- pal Component Analysis (PCA) is one of the several methods that were suggested in order to detect such anomalies and is known as a powerful tool in finding and diagnosing anomalies in network traffic. Nonetheless, previous relevant research work highlighted some inconsistencies of the classical method. It has been shown that the efficiency of the results are highly dependent to the input data and the calibration of its parameters. These parameters should be carefully selected in order to pinpoint the existence of anomalies in network traffic. By obtaining real network traffic traces from a small enterprise and artificially injecting anomalies, we apply a modified PCA based method. The results of our experimentation imply that this method possesses promising capabilities in efficiently detecting network anomalies and manages to sur- pass some of the limitations of the classic approach.