Anomaly detection through packet header data

Intrusion detection system (IDS) is a crucial part of network security area and is widely employed. Signature-based matching mechanisms require a completed analysis of attack patterns and the availability of knowledge detection beforehand. To cope with new attacks, IDS tools require to be continuously updated with the signature rules. In this paper, we present anomaly detection technique by using complex Gaussian coefficient to calculate the threshold for detecting unknown flooding attacks. The Network traffics are generated for three types of situations in the normal light traffic period, during the attacking period and in the heavy traffic period. The numbers of packets in time domain are transformed to complex Gaussian coefficient. The variances of the complex wavelet magnitude in each derivative level significantly describe network situation. This technique can be applied to detect unknown DDoS flooding patterns.