From measurements to metrics: PCA-based indicators of cyber anomaly

Farid Ahmed; Tommy Johnson; Sonia Tsui

doi:10.1117/12.918165

7 May 2012 From measurements to metrics: PCA-based indicators of cyber anomaly

Farid Ahmed, Tommy Johnson, Sonia Tsui

Proceedings Volume 8408, Cyber Sensing 2012; 840806 (2012) https://doi.org/10.1117/12.918165
Event: SPIE Defense, Security, and Sensing, 2012, Baltimore, Maryland, United States

Abstract

We present a framework of the application of Principal Component Analysis (PCA) to automatically obtain meaningful metrics from intrusion detection measurements. In particular, we report the progress made in applying PCA to analyze the behavioral measurements of malware and provide some preliminary results in selecting dominant attributes from an arbitrary number of malware attributes. The results will be useful in formulating an optimal detection threshold in the principal component space, which can both validate and augment existing malware classifiers.

Citation Download Citation

Farid Ahmed, Tommy Johnson, and Sonia Tsui "From measurements to metrics: PCA-based indicators of cyber anomaly", Proc. SPIE 8408, Cyber Sensing 2012, 840806 (7 May 2012); https://doi.org/10.1117/12.918165

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available