Statistical and signal-based network traffic recognition for anomaly detection

Authors: Michał Choraś, Łukasz Saganowski, Rafał Renk, Witold Hołubowicz

DOI: 10.1111/J.1468-0394.2010.00576.X

Keywords: Discrete wavelet transform; Anomaly detection; Data mining; Network security; Anomaly-based intrusion detection system; Intrusion detection system; Signal processing; Computer science; False positive paradox; Matching pursuit

Abstract: In this paper, a framework for recognizing network traffic in order to detect anomalies is proposed. We propose to combine and correlate parameters from different layers in order to detect 0-day attacks and reduce false positives. Moreover, we combine statistical and signal-based features. The major contribution of this paper is a novel security framework based on the correlation approach, as well as a new algorithm for intrusion detection on the basis of the Matching Pursuit (MP) algorithm. To our best knowledge, we are the first to use MP for anomaly detection in computer networks. In the presented experiments, we proved that our solution gives better results than the discrete wavelet transform. © 2012 Wiley Periodicals, Inc.
