Network anomaly detection based on wavelet analysis

Authors:
Wei Lu;Ali A. Ghorbani
Affiliations:
Information Security Center of Excellence, The University of New Brunswick, Fredericton, NB, Canada;Information Security Center of Excellence, The University of New Brunswick, Fredericton, NB, Canada
Venue:
EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
Year:
2009

Citing 21
Cited 11

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
NADIR: an automated system for detecting network intrusion and misuse

Computers and Security
System identification (2nd ed.): theory for the user

System identification (2nd ed.): theory for the user
The base-rate fallacy and the difficulty of intrusion detection

ACM Transactions on Information and System Security (TISSEC)
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
A non-instrusive, wavelet-based approach to detecting network performance problems

IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Pattern Recognition and Neural Networks

Pattern Recognition and Neural Networks
A signal analysis of network traffic anomalies

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Evaluation of Intrusion Detectors: A Decision Theory Approach

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Diagnosing network-wide traffic anomalies

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
A wavelet-based approach to detect shared congestion

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
On neuro-wavelet modeling

Decision Support Systems - Special issue: Data mining for financial decision making
Mining anomalies using traffic feature distributions

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Can machine learning be secure?

ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
An unsupervised anomaly detection framework for multiple-connection based network intrusions

An unsupervised anomaly detection framework for multiple-connection based network intrusions
An overview of anomaly detection techniques: Existing solutions and latest technological trends

Computer Networks: The International Journal of Computer and Telecommunications Networking
Why machine learning algorithms fail in misuse detection on KDD intrusion detection data set

Intelligent Data Analysis
A new unsupervised anomaly detection framework for detecting network attacks in real-time

CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
Network intrusion detection using wavelet analysis

CIT'04 Proceedings of the 7th international conference on Intelligent Information Technology
Image-Based Anomaly Detection Technique: Algorithm, Implementation and Effectiveness

IEEE Journal on Selected Areas in Communications

Network forensics based on fuzzy logic and expert system

Computer Communications
Detecting Network Anomalies Using CUSUM and EM Clustering

ISICA '09 Proceedings of the 4th International Symposium on Advances in Computation and Intelligence
Detection of illicit traffic based on multiscale analysis

SoftCOM'09 Proceedings of the 17th international conference on Software, Telecommunications and Computer Networks
A scalable, efficient and informative approach for anomaly-based intrusion detection systems: theory and practice

International Journal of Network Management
A comparison between divergence measures for network anomaly detection

Proceedings of the 7th International Conference on Network and Services Management
Improved anomaly detection using block-matching denoising

Computer Communications
Lightweight and Informative Traffic Metrics for Data Center Monitoring

Journal of Network and Systems Management
CAFS: a novel lightweight cache-based scheme for large-scale intrusion alert fusion

Concurrency and Computation: Practice & Experience
Statistical and signal-based network traffic recognition for anomaly detection

Expert Systems: The Journal of Knowledge Engineering
Flooding attacks detection in backbone traffic using power divergence

Proceedings of the 7th ACM workshop on Performance monitoring and measurement of heterogeneous wireless and wired networks
A methodological overview on anomaly detection

DataTraffic Monitoring and Analysis

Quantified Score

Hi-index	0.00

Visualization

Abstract

Signal processing techniques have been applied recently for analyzing and detecting network anomalies due to their potential to find novel or unknown intrusions. In this paper, we propose a new network signal modelling technique for detecting network anomalies, combining the wavelet approximation and system identification theory. In order to characterize network traffic behaviors, we present fifteen features and use them as the input signals in our system. We then evaluate our approach with the 1999 DARPA intrusion detection dataset and conduct a comprehensive analysis of the intrusions in the dataset. Evaluation results show that the approach achieves high-detection rates in terms of both attack instances and attack types. Furthermore, we conduct a full day's evaluation in a real large-scale WiFi ISP network where five attack types are successfully detected from over 30 millions flows.