A novel signal-based approach to anomaly detection in IDS systems

Authors:
Łukasz Saganowski;Michał Choraś;Rafał Renk;Witold Hołubowicz
Affiliations:
ITTI Ltd., Poznań and Institute of Telecommunications, University of Technology & Life Sciences, Bydgoszcz;ITTI Ltd., Poznań and Institute of Telecommunications, University of Technology & Life Sciences, Bydgoszcz;ITTI Ltd., Poznań and Adam Mickiewicz University, Poznań;ITTI Ltd., Poznań and Adam Mickiewicz University, Poznań
Venue:
ICANNGA'09 Proceedings of the 9th international conference on Adaptive and natural computing algorithms
Year:
2009

Citing 5
Cited 1

A non-instrusive, wavelet-based approach to detecting network performance problems

IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
A signal analysis of network traffic anomalies

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Intrusion Detection System Based on Matching Pursuit

ICINIS '08 Proceedings of the 2008 First International Conference on Intelligent Networks and Intelligent Systems
Fast matching pursuit with a multiscale dictionary of Gaussianchirps

IEEE Transactions on Signal Processing
Greed is good: algorithmic results for sparse approximation

IEEE Transactions on Information Theory

Statistical and signal-based network traffic recognition for anomaly detection

Expert Systems: The Journal of Knowledge Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we present our original methodology, in which Matching Pursuit is used for networks anomaly and intrusion detection. The architecture of anomaly-based IDS based on signal processing is presented. We propose to use mean projection of the reconstructed network signal to determine if the examined trace is normal or attacked. Experimental results confirm the efficiency of our method in worm detection scenario. The practical usability of the proposed approach in the intrusion detection tolerance system (IDTS) in the INTERSECTION project is presented.