Affiliation:
1. Department of Statistics, Institut Teknologi Sepuluh Nopember, Surabaya 60111, Indonesia
2. Department of Mathematical Sciences, Universiti Teknologi Malaysia, Johor Bahru 81310, Malaysia
Abstract
Intrusion detection systems (IDS) are crucial in safeguarding network security by identifying unauthorized access attempts through various techniques. Statistical Process Control (SPC), particularly Hotelling’s T² control charts, is noted for monitoring network traffic, whether against known attack patterns or for anomaly detection. This research advances the domain by incorporating robust statistical estimators, namely the Fast-MCD and MRCD (Minimum Regularized Covariance Determinant) estimators, into bootstrap-enhanced Hotelling’s T² control charts. These enhanced charts aim to strengthen detection accuracy by offering improved resistance to outlier contamination, a prevalent challenge in intrusion detection. The methodology emphasizes the MRCD estimator’s robustness in overcoming the limitations of traditional T² charts, especially in environments with a high incidence of outliers. Applying the proposed bootstrap-based robust T² charts to the UNSW-NB15 dataset illustrates a marked enhancement in intrusion detection performance. Results indicate superior detection accuracy of the proposed method over conventional T² and Fast-MCD-based T² charts, even under varied levels of outlier contamination. Although execution time increases, the precision and reliability in detecting intrusions make this a justified trade-off. The findings underscore the significant potential of integrating robust statistical methods to enhance IDS effectiveness.
Funder
Institut Teknologi Sepuluh Nopember