Signal processing techniques have been applied recently for analyzing and detecting network anomalies due to their potential to find novel or unknown intrusions. In this paper, we propose a new network signal modelling technique for detecting network anomalies, combining the wavelet approximation and system identification theory. In order to characterize network traffic behaviors, we present fifteen features and use them as the input signals in our system. We then evaluate our approach with the 1999 DARPA intrusion detection dataset and conduct a comprehensive analysis of the intrusions in the dataset. Evaluation results show that the approach achieves high detection rates in terms of both attack instances and attack types. Furthermore, we conduct a full day's evaluation in a real large-scale WiFi ISP network where five attack types are successfully detected from over 30 million flows.