  • DocumentCode
    2575285
  • Title
    Wavelet-based Real Time Detection of Network Traffic Anomalies
  • Author
    Huang, Chin-Tser ; Thareja, Sachin ; Shin, Yong-June
  • Author_Institution
    Dept. of Comput. Sci. & Eng., South Carolina Univ., Columbia, SC
  • fYear
    2006
  • fDate
    Aug. 28 2006-Sept. 1 2006
  • Firstpage
    1
  • Lastpage
    7
  • Abstract
    Real time network monitoring for intrusions is offered by various host and network based intrusion detection systems. These systems largely use signature or pattern matching techniques at the core and thus are ineffective in detecting unknown anomalous activities. In this paper, we apply signal processing techniques in intrusion detection systems, and develop and implement a framework, called Waveman, for real time wavelet-based analysis of network traffic anomalies. Then, we use two metrics, namely percentage deviation and entropy, to evaluate the performance of various wavelet functions on detecting different types of anomalies like denial of service (DoS) attacks and portscans. Our evaluation results show that Coiflet and Paul wavelets perform better than other wavelets in detecting most anomalies considered in this work.
  • Keywords
    pattern matching; security of data; signal processing; telecommunication security; telecommunication traffic; wavelet transforms; Coiflet wavelets; Paul wavelets; Waveman; denial of service attacks; intrusion detection systems; network traffic anomalies; pattern matching techniques; real time network intrusion monitoring; signal processing techniques; wavelet-based real time detection; Computer crime; Entropy; Intrusion detection; Monitoring; Pattern matching; Real time systems; Signal analysis; Signal processing; Telecommunication traffic; Wavelet analysis; entropy; intrusion detection; network traffic anomaly; percentage deviation; wavelet;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Securecomm and Workshops, 2006
  • Conference_Location
    Baltimore, MD
  • Print_ISBN
    1-4244-0423-1
  • Electronic_ISBN
    1-4244-0423-1
  • Type
    conf
  • DOI
    10.1109/SECCOMW.2006.359584
  • Filename
    4198844