Network traffic analysis using singular value decomposition and multiscale transforms
Information Sciences: an International Journal
Self-similarity based lightweight intrusion detection method for cloud computing
ACIIDS'11 Proceedings of the Third international conference on Intelligent information and database systems - Volume Part II
A novel architecture for detecting and defending against flooding-based DDoS attacks
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Network intrusion detection using wavelet analysis
CIT'04 Proceedings of the 7th international conference on Intelligent Information Technology
Hi-index | 0.00 |
The behavior of a certain class of automatic intrusion detection systems (IDSs) may be characterized as sensing patterns of network activity which are indicative of hostile intent. An obvious technique to test such a system is to engage the IDSs of interest, and then use human actors to introduce the activities of a would-be intruder. While having the advantage of realism, such an approach is difficult to scale to large numbers of intrusive behaviors. Instead it would be preferable to generate traffic which includes these manifestations of intrusive activity automatically. While such traffic would be difficult to produce in a totally general way, there are some aspects of network utilization which may be reproducible without excessive investment of resources. In particular, real network loading often exhibits patterns of self-similarity, which may be seen at various levels of time scaling. These patterns should be replicated in simulated network traffic as closely as is feasible, given the computational ability of the simulator. We propose the use of multiresolution wavelet analysis as a technique which may be used to accomplish the desired detection, and subsequent construction of self-similarity in the simulated traffic. Following a multiresolution decomposition of the traffic using an orthogonal filterbank, the resulting wavelet coefficients may be filtered according to their magnitude, Some of the coefficients may be discarded, yielding an efficient representation. We investigate the effect of compression upon the reconstructed signal's self-similarity, as measured by its estimated Hurst parameter