Title :
Anomaly detection through packet header data
Author :
Longchupole, Sungkornsarun ; Maneerat, Noppadol ; Varakulsiripunth, Ruttikorn
Author_Institution :
King Mongkut´´s Inst. of Technol. Ladkrabang, Bangkok, Thailand
Abstract :
Intrusion detection system (IDS) is a crucial part of network security area and is widely employed. Signature-based matching mechanisms require a completed analysis of attack patterns and the availability of knowledge detection beforehand. To cope with new attacks, IDS tools require to be continuously updated with the signature rules. In this paper, we present anomaly detection technique by using complex Gaussian coefficient to calculate the threshold for detecting unknown flooding attacks. The Network traffics are generated for three types of situations in the normal light traffic period, during the attacking period and in the heavy traffic period. The numbers of packets in time domain are transformed to complex Gaussian coefficient. The variances of the complex wavelet magnitude in each derivative level significantly describe network situation. This technique can be applied to detect unknown DDoS flooding patterns.
Keywords :
Gaussian processes; computer network security; telecommunication traffic; DDoS flooding pattern; anomaly detection; complex Gaussian coefficient; complex wavelet magnitude; intrusion detection system; network security; network traffic; packet header data; signature-based matching mechanism; Computer crime; Data engineering; Data security; Electronic mail; Floods; Intrusion detection; Pattern analysis; Pattern matching; Telecommunication traffic; Traffic control; Anomaly-based Detection; Network-based Intrusion Detection System;
Conference_Titel :
Information, Communications and Signal Processing, 2009. ICICS 2009. 7th International Conference on
Conference_Location :
Macau
Print_ISBN :
978-1-4244-4656-8
Electronic_ISBN :
978-1-4244-4657-5
DOI :
10.1109/ICICS.2009.5397552
