Wavelet-based real time detection of network traffic anomalies

Chin Tser Huang; Sachin Thareja; Yong June Shin

doi:10.1109/SECCOMW.2006.359584

Wavelet-based real time detection of network traffic anomalies

Chin Tser Huang, Sachin Thareja, Yong June Shin

Department of Electrical and Electronic Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

24 Citations (Scopus)

Abstract

Real time network monitoring for intrusions is offered by various host and network based intrusion detection systems. These systems largely use signature or pattern matching techniques at the core and thus are ineffective in detecting unknown anomalous activities. In this paper, we apply signal processing techniques in intrusion detection systems, and develop and implement a framework, called Waveman, for real time wavelet-based analysis of network traffic anomalies. Then, we use two metrics, namely percentage deviation and entropy, to evaluate the performance of various wavelet functions on detecting different types of anomalies like Denial of Service (DoS) attacks and portscans. Our evaluation results show that Coiflet and Paul wavelets perform better than other wavelets in detecting most anomalies considered in this work.

Original language	English
Title of host publication	2006 Securecomm and Workshops
DOIs	https://doi.org/10.1109/SECCOMW.2006.359584
Publication status	Published - 2006
Event	2006 Securecomm and Workshops - Baltimore, MD, United States Duration: 2006 Aug 28 → 2006 Sep 1

Publication series

Name	2006 Securecomm and Workshops

Other

Other	2006 Securecomm and Workshops
Country/Territory	United States
City	Baltimore, MD
Period	06/8/28 → 06/9/1

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Communication

Access to Document

10.1109/SECCOMW.2006.359584

Cite this

@inproceedings{58a70e7ad9c1464d913eca43b311f5af,

title = "Wavelet-based real time detection of network traffic anomalies",

abstract = "Real time network monitoring for intrusions is offered by various host and network based intrusion detection systems. These systems largely use signature or pattern matching techniques at the core and thus are ineffective in detecting unknown anomalous activities. In this paper, we apply signal processing techniques in intrusion detection systems, and develop and implement a framework, called Waveman, for real time wavelet-based analysis of network traffic anomalies. Then, we use two metrics, namely percentage deviation and entropy, to evaluate the performance of various wavelet functions on detecting different types of anomalies like Denial of Service (DoS) attacks and portscans. Our evaluation results show that Coiflet and Paul wavelets perform better than other wavelets in detecting most anomalies considered in this work.",

author = "Huang, {Chin Tser} and Sachin Thareja and Shin, {Yong June}",

year = "2006",

doi = "10.1109/SECCOMW.2006.359584",

language = "English",

isbn = "1424404231",

series = "2006 Securecomm and Workshops",

booktitle = "2006 Securecomm and Workshops",

note = "2006 Securecomm and Workshops ; Conference date: 28-08-2006 Through 01-09-2006",

}

TY - GEN

T1 - Wavelet-based real time detection of network traffic anomalies

AU - Huang, Chin Tser

AU - Thareja, Sachin

AU - Shin, Yong June

PY - 2006

Y1 - 2006

N2 - Real time network monitoring for intrusions is offered by various host and network based intrusion detection systems. These systems largely use signature or pattern matching techniques at the core and thus are ineffective in detecting unknown anomalous activities. In this paper, we apply signal processing techniques in intrusion detection systems, and develop and implement a framework, called Waveman, for real time wavelet-based analysis of network traffic anomalies. Then, we use two metrics, namely percentage deviation and entropy, to evaluate the performance of various wavelet functions on detecting different types of anomalies like Denial of Service (DoS) attacks and portscans. Our evaluation results show that Coiflet and Paul wavelets perform better than other wavelets in detecting most anomalies considered in this work.

AB - Real time network monitoring for intrusions is offered by various host and network based intrusion detection systems. These systems largely use signature or pattern matching techniques at the core and thus are ineffective in detecting unknown anomalous activities. In this paper, we apply signal processing techniques in intrusion detection systems, and develop and implement a framework, called Waveman, for real time wavelet-based analysis of network traffic anomalies. Then, we use two metrics, namely percentage deviation and entropy, to evaluate the performance of various wavelet functions on detecting different types of anomalies like Denial of Service (DoS) attacks and portscans. Our evaluation results show that Coiflet and Paul wavelets perform better than other wavelets in detecting most anomalies considered in this work.

UR - http://www.scopus.com/inward/record.url?scp=50049089892&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=50049089892&partnerID=8YFLogxK

U2 - 10.1109/SECCOMW.2006.359584

DO - 10.1109/SECCOMW.2006.359584

M3 - Conference contribution

AN - SCOPUS:50049089892

SN - 1424404231

SN - 9781424404230

T3 - 2006 Securecomm and Workshops

BT - 2006 Securecomm and Workshops

T2 - 2006 Securecomm and Workshops

Y2 - 28 August 2006 through 1 September 2006

ER -

Wavelet-based real time detection of network traffic anomalies

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this