Combining wavelet analysis and information theory for network anomaly detection

Authors:
Christian Callegari;Michele Pagano;Stefano Giordano;Teresa Pepe
Affiliations:
University of Pisa, Pisa, Italy;University of Pisa, Pisa, Italy;University of Pisa, Pisa, Italy;University of Pisa, Pisa, Italy
Venue:
Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies
Year:
2011

Citing 10
Cited 0

Ten lectures on wavelets

Ten lectures on wavelets
The 1999 DARPA off-line intrusion detection evaluation

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
A non-instrusive, wavelet-based approach to detecting network performance problems

IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
A signal analysis of network traffic anomalies

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Tabulation based 4-universal hashing with applications to second moment estimation

SODA '04 Proceedings of the fifteenth annual ACM-SIAM symposium on Discrete algorithms
Diagnosing network-wide traffic anomalies

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Characterization of network-wide anomalies in traffic flows

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
An improved data stream summary: the count-min sketch and its applications

Journal of Algorithms
Mining anomalies using traffic feature distributions

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
On the use of sketches and wavelet analysis for network anomaly detection

Proceedings of the 6th International Wireless Communications and Mobile Computing Conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

In the last few years, the number and impact of security attacks over the Internet have been continuously increasing. Since it seems impossible to guarantee complete protection to a system by means of the "classical" prevention mechanisms, the use of Intrusion Detection Systems has emerged as a key element in network security. In this paper we address the problem considering a novel technique for detecting network anomalies. Our approach is based on the idea that an anomaly can cause an abrupt change in the quantity of information, associated to a given traffic descriptor. For this reason we propose a novel anomaly detection technique, based on a combined use of information theory and wavelet analysis.