4/2014 - 7
Intrusion Detection in NEAR System by Anti-denoising Traffic Data Series using Discrete Wavelet Transform
VANCEA, F.
Author keywords
discrete wavelet transform, intrusion detection, self-similarity, signal denoising, time-frequency analysis
References keywords
traffic(9), wavelet(8), processing(7), network(7), detection(7), signal(6), analysis(4)
About this article
Date of Publication: 2014-11-30
Volume 14, Issue 4, Year 2014, On page(s): 43 - 48
ISSN: 1582-7445, e-ISSN: 1844-7600
Digital Object Identifier: 10.4316/AECE.2014.04007
Web of Science Accession Number: 000348772500007
SCOPUS ID: 84921631227
Abstract
The paper presents two methods for detecting anomalies in data series derived from network traffic. Intrusion detection systems based on network traffic analysis are able to respond to incidents never seen before by detecting anomalies in data series extracted from the traffic. Some anomalies manifest themselves as pulses of various sizes and shapes, superimposed on series corresponding to normal traffic. In order to detect those impulses we propose two methods based on discrete wavelet transformation. Their effectiveness expressed in relative thresholds on pulse amplitude for no false negatives and no false positives is then evaluated against pulse duration and Hurst characteristic of original series. Different base functions are also evaluated for efficiency in the context of the proposed methods.
Faculty of Electrical Engineering and Computer Science
Stefan cel Mare University of Suceava, Romania
All rights reserved: Advances in Electrical and Computer Engineering is a registered trademark of the Stefan cel Mare University of Suceava. No part of this publication may be reproduced, stored in a retrieval system, photocopied, recorded or archived, without the written permission from the Editor. When authors submit their papers for publication, they agree that the copyright for their article be transferred to the Faculty of Electrical Engineering and Computer Science, Stefan cel Mare University of Suceava, Romania, if and only if the articles are accepted for publication. The copyright covers the exclusive rights to reproduce and distribute the article, including reprints and translations.