Principal component-based anomaly detection scheme

Mei Ling Shyu, Shu Ching Chen, Kanoksri Sarinnapakorn, Liwu Chang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

17 Scopus citations


In this chapter, a novel anomaly detection scheme that uses a robust principal component classifier (PCC) to handle computer network security problems is proposed. An intrusion predictive model is constructed from the major and minor principal components of the normal instances, where the difference of an anomaly from the normal instance is the distance in the principal component space. The screening of outliers prior to the principal component analysis adds the resistance property to the classifier which makes the method applicable to both the supervised and unsupervised training data. Several experiments using the KDD Cup 1999 data were conducted and the experimental results demonstrated that our proposed PCC method is superior to the k-nearest neighbor (KNN) method, density-based local outliers (LOF) approach, and the outlier detection algorithm based on the Canberra metric.

Original languageEnglish (US)
Title of host publicationFoundations and Novel Approaches in Data Mining
EditorsTsau Young Lin
Number of pages19
StatePublished - Dec 1 2006

Publication series

NameStudies in Computational Intelligence
ISSN (Print)1860-949X


  • Anomaly detection
  • data mining
  • intrusion detection
  • outliers
  • principal component analysis
  • principal component classifier

ASJC Scopus subject areas

  • Artificial Intelligence


Dive into the research topics of 'Principal component-based anomaly detection scheme'. Together they form a unique fingerprint.

Cite this