Statistical and signal-based network traffic recognition for anomaly detection

Bibliographic Details
Published in: Expert systems 2012-07, Vol.29 (3), p.232-245
Main Authors: Choraś, Michał, Saganowski, Łukasz, Renk, Rafał, Hołubowicz, Witold
Format: Article
Language: English
Description
Summary: In this paper, a framework for recognizing network traffic in order to detect anomalies is proposed. We propose to combine and correlate parameters from different layers in order to detect 0-day attacks and reduce false positives. Moreover, we propose to combine statistical and signal-based features. The major contribution of this paper is a novel framework for network security based on the correlation approach as well as a new signal-based algorithm for intrusion detection on the basis of the Matching Pursuit (MP) algorithm. To the best of our knowledge, we are the first to use MP for intrusion and anomaly detection in computer networks. In the presented experiments, we proved that our solution gives better results than intrusion detection based on discrete wavelet transform.
ISSN: 0266-4720, 1468-0394
DOI: 10.1111/j.1468-0394.2010.00576.x