Abstract | ||
---|---|---|
Signal processing techniques have been applied recently for analyzing and detecting network anomalies due to their potential to find novel or unknown intrusions. In this paper, we propose a new network signal modelling technique for detecting network anomalies, combining the wavelet approximation and system identification theory. In order to characterize network traffic behaviors, we present fifteen features and use them as the input signals in our system. We then evaluate our approach with the 1999 DARPA intrusion detection dataset and conduct a comprehensive analysis of the intrusions in the dataset. Evaluation results show that the approach achieves high-detection rates in terms of both attack instances and attack types. Furthermore, we conduct a full day's evaluation in a real large-scale WiFi ISP network where five attack types are successfully detected from over 30 millions flows. |
Year | DOI | Venue |
---|---|---|
2009 | 10.1155/2009/837601 | EURASIP J. Adv. Sig. Proc. |
Keywords | Field | DocType |
network traffic behavior,network anomaly,network anomaly detection,attack instance,evaluation result,input signal,new network signal,attack type,system identification theory,signal processing technique,wavelet analysis,darpa intrusion detection dataset | Anomaly detection,Data mining,Signal processing,Wavelet approximation,Computer security,Computer science,Artificial intelligence,System identification,Intrusion detection system,Wavelet,Attack model,Wireless lan,Machine learning | Journal |
Volume | Issue | ISSN |
2009, | 1 | 1687-6180 |
Citations | PageRank | References |
67 | 2.51 | 22 |
Authors | ||
2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Wei Lu | 1 | 703 | 30.81 |
Ali A. Ghorbani | 2 | 1891 | 135.01 |