Paper Info
Title
WAVE-CUSUM: Improving CUSUM performance in network anomaly detection by means of wavelet analysis
Abstract
The increasing number of network attacks causes growing problems for network operators and users. Thus, detecting anomalous traffic is of primary interest in IP networks management and many detection techniques, able to promptly reveal and identify network attacks, mainly detecting Heavy Changes in the network traffic, have been proposed. Among these, one of the most promising approach is based on the use of the CUSUM (CUmulative SUM). Nonetheless, CUSUM performance is strongly affected by its sensitivity to the presence of seasonal trends in the considered data. For this reason, in this paper we propose a novel detection method based on the idea of performing a pre-processing stage of the data by means of wavelets, aimed at filtering out such trends, before applying the CUSUM algorithm. The performance analysis, presented in the paper, demonstrates the efficiency of the proposed method, focusing on the performance improvements due to the pre-processing stage.
Year
DOI
Venue
2012
10.1016/j.cose.2012.05.001
Computers and Security
Keywords
Field
DocType
network security,wavelet analysis,intrusion detection system,cusum,network anomaly detection
Data mining,CUSUM,Anomaly detection,Computer security,Computer science,Network security,Filter (signal processing),Operator (computer programming),Intrusion detection system,Wavelet
Journal
Volume
Issue
ISSN
31
5
0167-4048
Citations 
PageRank 
References 
7
0.57
17
Authors
4
Name
Order
Citations
PageRank
C. Callegari19814.23
Stefano Giordano260986.56
Michele Pagano319831.51
Teresa Pepe412311.26