Statistical and signal-based network traffic recognition for anomaly detection
In this paper, a framework for recognizing network traffic in order to detect anomalies is proposed. We propose to combine and correlate parameters from different layers in order to detect 0‐day attacks and reduce false positives. Moreover, we propose to combine statistical and signal‐based features...
Published in: | Expert systems 2012-07, Vol.29 (3), p.232-245 |
---|---|
Main Authors: | Choraś, Michał; Saganowski, Łukasz; Renk, Rafał; Hołubowicz, Witold |
Format: | Article |
Language: | English |
container_end_page | 245 |
---|---|
container_issue | 3 |
container_start_page | 232 |
container_title | Expert systems |
container_volume | 29 |
creator | Choraś, Michał Saganowski, Łukasz Renk, Rafał Hołubowicz, Witold |
description | In this paper, a framework for recognizing network traffic in order to detect anomalies is proposed. We propose to combine and correlate parameters from different layers in order to detect 0‐day attacks and reduce false positives. Moreover, we propose to combine statistical and signal‐based features. The major contribution of this paper is a novel framework for network security based on the correlation approach as well as a new signal‐based algorithm for intrusion detection on the basis of the Matching Pursuit (MP) algorithm. To the best of our knowledge, we are the first to use MP for intrusion and anomaly detection in computer networks. In the presented experiments, we proved that our solution gives better results than intrusion detection based on the discrete wavelet transform. |
doi_str_mv | 10.1111/j.1468-0394.2010.00576.x |
format | article |
fulltext | fulltext |
identifier | ISSN: 0266-4720 |
ispartof | Expert systems, 2012-07, Vol.29 (3), p.232-245 |
issn | 0266-4720 1468-0394 |
language | eng |
recordid | cdi_proquest_miscellaneous_1671449622 |
source | Business Source Ultimate; Wiley-Blackwell Read & Publish Collection |
subjects | Algorithms Anomalies anomaly detection Correlation Expert systems Intrusion Intrusion detection systems matching pursuit network security Networks Recognition signal processing Studies Traffic engineering Traffic flow Wavelet transforms |
title | Statistical and signal-based network traffic recognition for anomaly detection |
url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-19T01%3A05%3A39IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Statistical%20and%20signal-based%20network%20traffic%20recognition%20for%20anomaly%20detection&rft.jtitle=Expert%20systems&rft.au=Chora%C5%9B,%20Micha%C5%82&rft.date=2012-07&rft.volume=29&rft.issue=3&rft.spage=232&rft.epage=245&rft.pages=232-245&rft.issn=0266-4720&rft.eissn=1468-0394&rft_id=info:doi/10.1111/j.1468-0394.2010.00576.x&rft_dat=%3Cproquest_cross%3E1671449622%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c4126-ff473d0ca97b82307836fc8cc45ae6fcbdd2cab29980b6f1f70faee3bf5ab7813%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=1023182451&rft_id=info:pmid/&rfr_iscdi=true |