Improved anomaly detection using block-matching denoising

Authors:
S. P. Kozaitis;W. Petsuwan
Affiliations:
150 W. University Blvd., Department of Electrical and Computer Engineering, Florida Institute of Technology, Melbourne, FL 32901, USA;150 W. University Blvd., Department of Electrical and Computer Engineering, Florida Institute of Technology, Melbourne, FL 32901, USA
Venue:
Computer Communications
Year:
2012

Citing 22
Cited 0

A Theory for Multiresolution Signal Decomposition: The Wavelet Representation

IEEE Transactions on Pattern Analysis and Machine Intelligence
Wide area traffic: the failure of Poisson modeling

IEEE/ACM Transactions on Networking (TON)
Self-similarity through high-variability: statistical analysis of Ethernet LAN traffic at the source level

IEEE/ACM Transactions on Networking (TON)
A signal analysis of network traffic anomalies

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
The 1998 Lincoln Laboratory IDS Evaluation

RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
Mining anomalies using traffic feature distributions

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Denial-of-Service Attack-Detection Techniques

IEEE Internet Computing
Survey of network-based defense mechanisms countering the DoS and DDoS problems

ACM Computing Surveys (CSUR)
Network traffic analysis using singular value decomposition and multiscale transforms

Information Sciences: an International Journal
Detecting Denial-of-Service attacks using the wavelet transform

Computer Communications
Early DoS Attack Detection using Smoothened Time-Series andWavelet Analysis

IAS '07 Proceedings of the Third International Symposium on Information Assurance and Security
Statistical techniques for detecting traffic anomalies through packet header data

IEEE/ACM Transactions on Networking (TON)
Network anomaly detection based on wavelet analysis

EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
A Wavelet Tour of Signal Processing, Third Edition: The Sparse Way

A Wavelet Tour of Signal Processing, Third Edition: The Sparse Way
Anomaly detection: A survey

ACM Computing Surveys (CSUR)
Network Traffic Anomaly Detection Based on Self-Similarity Using HHT and Wavelet Transform

IAS '09 Proceedings of the 2009 Fifth International Conference on Information Assurance and Security - Volume 01
Application of anomaly detection algorithms for detecting SYN flooding attacks

Computer Communications
Enhancing network traffic prediction and anomaly detection via statistical network traffic separation and combination strategies

Computer Communications
Toward credible evaluation of anomaly-based intrusion-detection methods

IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
Histogram-based traffic anomaly detection

IEEE Transactions on Network and Service Management
Adaptive wavelet thresholding for image denoising and compression

IEEE Transactions on Image Processing
Image Denoising by Sparse 3-D Transform-Domain Collaborative Filtering

IEEE Transactions on Image Processing

Quantified Score

Hi-index	0.24

Visualization

Abstract

We present a new approach for network traffic anomaly detection based on a denoising algorithm that uses wavelet transforms. Using a block-matching technique and considering network traffic as noise, we suppress the traffic in order to detect anomalies. This approach is data-driven in the sense that samples of network traffic determine the amount of background traffic suppression. Therefore, the output of the algorithm is an anomaly that can be easily detected. To improve the performance, the block-matching technique is combined with a method that can detect very short attacks. Results show that attacks can be detected under a variety of conditions.