A Data Analysis-Based Approach for Detecting Intruders

We introduce a novel anomaly intrusion detection method based on Linear Discriminant Analysis (LDA). This approach searches for those vectors in the underlying space that best discriminate among users' profile classes. The discrimination rules are based on linear combinations of the observed users' profiles, called discriminant factors. This new approach provides for the ability to learn and later determine whether a new profile does or does not correspond to those of known users. Unlike many researchers we used realistic data to learn the behaviors of four students' classes. After that we apply LDA to get an appropriate discrimination between the student classes. Thus one can easily determine if a new student is legitimate or not by projecting its profile onto the profile subspace. Simulations show that our approach outperforms both Principal Components Analysis (PCA) and Electre Tri methods.