Wavelet-based real time detection of network traffic anomalies

Chin Tser Huang, Sachin Thareja, Yong June Shin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

17 Citations (Scopus)

Abstract

Real time network monitoring for intrusions is offered by various host and network based intrusion detection systems. These systems largely use signature or pattern matching techniques at the core and thus are ineffective in detecting unknown anomalous activities. In this paper, we apply signal processing techniques in intrusion detection systems, and develop and implement a framework, called Waveman, for real time wavelet-based analysis of network traffic anomalies. Then, we use two metrics, namely percentage deviation and entropy, to evaluate the performance of various wavelet functions on detecting different types of anomalies like Denial of Service (DoS) attacks and portscans. Our evaluation results show that Coiflet and Paul wavelets perform better than other wavelets in detecting most anomalies considered in this work.

Original language: English
Title of host publication: 2006 Securecomm and Workshops
DOIs: https://doi.org/10.1109/SECCOMW.2006.359584
Publication status: Published - 2006 Dec 1
Event: 2006 Securecomm and Workshops - Baltimore, MD, United States
Duration: 2006 Aug 28 to 2006 Sep 1

Publication series

Name: 2006 Securecomm and Workshops

Other

Other: 2006 Securecomm and Workshops
Country: United States
City: Baltimore, MD
Period: 06/8/28 to 06/9/1

Fingerprint

Intrusion detection
Pattern matching
Signal processing
Entropy
Monitoring
evaluation
performance
time
Denial-of-service attack

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Communication

Cite this

Huang, C. T., Thareja, S., & Shin, Y. J. (2006). Wavelet-based real time detection of network traffic anomalies. In 2006 Securecomm and Workshops [4198844] (2006 Securecomm and Workshops). https://doi.org/10.1109/SECCOMW.2006.359584
@inproceedings{58a70e7ad9c1464d913eca43b311f5af,
title = "Wavelet-based real time detection of network traffic anomalies",
author = "Huang, {Chin Tser} and Sachin Thareja and Shin, {Yong June}",
year = "2006",
month = "12",
day = "1",
doi = "10.1109/SECCOMW.2006.359584",
language = "English",
isbn = "1424404231",
series = "2006 Securecomm and Workshops",
booktitle = "2006 Securecomm and Workshops",

}

TY - GEN

T1 - Wavelet-based real time detection of network traffic anomalies

AU - Huang, Chin Tser

AU - Thareja, Sachin

AU - Shin, Yong June

PY - 2006/12/1

Y1 - 2006/12/1

UR - http://www.scopus.com/inward/record.url?scp=50049089892&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=50049089892&partnerID=8YFLogxK

U2 - 10.1109/SECCOMW.2006.359584

DO - 10.1109/SECCOMW.2006.359584

M3 - Conference contribution

SN - 1424404231

SN - 9781424404230

T3 - 2006 Securecomm and Workshops

BT - 2006 Securecomm and Workshops

ER -
