Divided two-part adaptive intrusion detection system
Wireless Networks
| Hi-index | 0.00 |
Network always suffers from the traffic anomaly such as router rate change, device restart or the worm attack. The early detection of unusual anomaly in the network is a key to fast recover and avoidance of future serious problem to provide a stable network transmission. In this paper we present a statistical approach to analysis the distribution of network traffic to identify the normal network traffic behavior. We adapt the EM algorism to estimate the distribution parameter of Gaussian mixture distribution model. If only there is a statistical signature of unusual fluctuation or change in the network traffic an alarm will be triggered. We adapt the time series analysis of the statistical analysis result. Up bound and low bound will be defined through the analysis. The exceeding of the bound will be the signal of traffic anomaly. Another time series analysis approach also can reflect the fluctuation of network with the crossover of two indicator lines called K line and D line. These two indicator lines are some think like the mean value of the historical data in a time slice with one more sensitive to the change of the new coming data and another not. The approach three-MACD indicator approach is like the K D approach but more blunt to the unusual fluctuation of network traffic which can submit an alarm more correctly.