Abstract
Real time network monitoring for intrusions is offered by various host and network based intrusion detection systems. These systems largely use signature or pattern matching techniques at the core and thus are ineffective in detecting unknown anomalous activities. In this paper, we apply signal processing techniques in intrusion detection systems, and develop and implement a framework, called Waveman, for real time wavelet-based analysis of network traffic anomalies. Then, we use two metrics, namely percentage deviation and entropy, to evaluate the performance of various wavelet functions on detecting different types of anomalies like Denial of Service (DoS) attacks and portscans. Our evaluation results show that Coiflet and Paul wavelets perform better than other wavelets in detecting most anomalies considered in this work.
| Original language | English |
|---|---|
| Title of host publication | 2006 Securecomm and Workshops |
| DOIs | |
| Publication status | Published - 2006 Dec 1 |
| Event | 2006 Securecomm and Workshops - Baltimore, MD, United States Duration: 2006 Aug 28 → 2006 Sep 1 |
Publication series
| Name | 2006 Securecomm and Workshops |
|---|
Other
| Other | 2006 Securecomm and Workshops |
|---|---|
| Country | United States |
| City | Baltimore, MD |
| Period | 06/8/28 → 06/9/1 |
Fingerprint
All Science Journal Classification (ASJC) codes
- Computer Networks and Communications
- Communication
Cite this
}
Wavelet-based real time detection of network traffic anomalies. / Huang, Chin Tser; Thareja, Sachin; Shin, Yong June.
2006 Securecomm and Workshops. 2006. 4198844 (2006 Securecomm and Workshops).Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
TY - GEN
T1 - Wavelet-based real time detection of network traffic anomalies
AU - Huang, Chin Tser
AU - Thareja, Sachin
AU - Shin, Yong June
PY - 2006/12/1
Y1 - 2006/12/1
N2 - Real time network monitoring for intrusions is offered by various host and network based intrusion detection systems. These systems largely use signature or pattern matching techniques at the core and thus are ineffective in detecting unknown anomalous activities. In this paper, we apply signal processing techniques in intrusion detection systems, and develop and implement a framework, called Waveman, for real time wavelet-based analysis of network traffic anomalies. Then, we use two metrics, namely percentage deviation and entropy, to evaluate the performance of various wavelet functions on detecting different types of anomalies like Denial of Service (DoS) attacks and portscans. Our evaluation results show that Coiflet and Paul wavelets perform better than other wavelets in detecting most anomalies considered in this work.
AB - Real time network monitoring for intrusions is offered by various host and network based intrusion detection systems. These systems largely use signature or pattern matching techniques at the core and thus are ineffective in detecting unknown anomalous activities. In this paper, we apply signal processing techniques in intrusion detection systems, and develop and implement a framework, called Waveman, for real time wavelet-based analysis of network traffic anomalies. Then, we use two metrics, namely percentage deviation and entropy, to evaluate the performance of various wavelet functions on detecting different types of anomalies like Denial of Service (DoS) attacks and portscans. Our evaluation results show that Coiflet and Paul wavelets perform better than other wavelets in detecting most anomalies considered in this work.
UR - http://www.scopus.com/inward/record.url?scp=50049089892&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=50049089892&partnerID=8YFLogxK
U2 - 10.1109/SECCOMW.2006.359584
DO - 10.1109/SECCOMW.2006.359584
M3 - Conference contribution
SN - 1424404231
SN - 9781424404230
T3 - 2006 Securecomm and Workshops
BT - 2006 Securecomm and Workshops
ER -