Statistical and signal-based network traffic recognition for anomaly detection

Authors:
Michał Choraś;Łukasz Saganowski;Rafał Renk;Witold Hołubowicz
Affiliations:
ITTI Ltd., Poznań  and Institute of Telecommunications, University of Technology and Life Sciences, Bydgoszcz, Poland;ITTI Ltd., Poznań  and Institute of Telecommunications, University of Technology and Life Sciences, Bydgoszcz, Poland;ITTI Ltd., Poznań  and Department of Applied Informatics, Adam Mickiewicz University, Poznań, Poland;ITTI Ltd., Poznań  and Department of Applied Informatics, Adam Mickiewicz University, Poznań, Poland
Venue:
Expert Systems: The Journal of Knowledge Engineering
Year:
2012

Citing 9
Cited 1

A non-instrusive, wavelet-based approach to detecting network performance problems

IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
A signal analysis of network traffic anomalies

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Characterization of network-wide anomalies in traffic flows

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Network anomaly detection based on wavelet analysis

EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
A novel signal-based approach to anomaly detection in IDS systems

ICANNGA'09 Proceedings of the 9th international conference on Adaptive and natural computing algorithms
Matching pursuits with time-frequency dictionaries

IEEE Transactions on Signal Processing
Greed is good: algorithmic results for sparse approximation

IEEE Transactions on Information Theory
Low-rate and flexible image coding with redundant representations

IEEE Transactions on Image Processing
Matching pursuit video coding .I. Dictionary approximation

IEEE Transactions on Circuits and Systems for Video Technology

Network events correlation for federated networks protection system

ServiceWave'11 Proceedings of the 4th European conference on Towards a service-based internet

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, a framework for recognizing network traffic in order to detect anomalies is proposed. We propose to combine and correlate parameters from different layers in order to detect 0-day attacks and reduce false positives. Moreover, we propose to combine statistical and signal-based features. The major contribution of this paper is novel framework for network security based on the correlation approach as well as new signal-based algorithm for intrusion detection on the basis of the Matching Pursuit (MP) algorithm. As to our best knowledge, we are the first to use MP for intrusion and anomaly detection in computer networks. In the presented experiments, we proved that our solution gives better results than intrusion detection based on discrete wavelet transform. © 2012 Wiley Periodicals, Inc.