Preferencje help
Widoczny [Schowaj] Abstrakt
Liczba wyników
2015 | Vol. 24 | 63--71
Tytuł artykułu

Incoherent Dictionary Learning for Sparse Representation in Network Anomaly Detection

Wybrane pełne teksty z tego czasopisma
Warianty tytułu
Języki publikacji
In this article we present the use of sparse representation of a signal and incoherent dictionary learning method for the purpose of network traffic analysis. In learning process we use 1D INK-SVD algorithm to detect proper dictionary structure. Anomaly detection is realized by parameter estimation of the analyzed signal and its comparative analysis to network traffic profiles. Efficiency of our method is examined with the use of extended set of test traces from real network traffic. Received experimental results confirm effectiveness of the presented method.

Opis fizyczny
Bibliogr. 17 poz., tab.
  • UTP University of Science and Technology Institute of Telecommunications ul. Kaliskiego 7, 85-789 Bydgoszcz, Poland,
  • UTP University of Science and Technology Institute of Telecommunications ul. Kaliskiego 7, 85-789 Bydgoszcz, Poland,
  • [1] Choraś M., Saganowski L., Renk R., Hołubowicz W., Statistical and signal-based network traffic recognition for anomaly detection. Expert Systems, 2012, 29(3),pp. 232–245.
  • [2] Garcia-Teodoro P., Diaz-Verdejo J., Maciá-Fernández G., Vázquez E., Anomalybased network intrusion detection: Techniques, systems and challenges. Computers & security, 2009, 28(1), pp. 18–28.
  • [3] Saganowski L., Goncerzewicz M., Andrysiak T., Anomaly detection preprocessor for snort ids system. In: Image Processing and Communications Challenges 4. Springer 2013, pp. 225–232.
  • [4] FP7 INTERSECTION Project, Deliverable d.2.1: Solutions for securing heterogeneous networks: A state of the art analysis.
  • [5] Hwang K., Cai M., Chen Y., Qin M., Hybrid intrusion detection with weighted signature generation over anomalous internet episodes. Dependable and Secure Computing, IEEE Transactions on, 2007, 4(1), pp. 41–55. Processing, IEEE Transactions on, 1993, 41(12), pp. 3397–3415.
  • [6] Mallat S.G., Zhang Z., Matching pursuits with time-frequency dictionaries. Signal Processing, IEEE Transactions on, 1993, 41(12), pp. 3397–3415.
  • [7] Pati Y.C., Rezaiifar R., Krishnaprasad P., Orthogonal matching pursuit: Recursive function approximation with applications to wavelet decomposition. In: Signals, Systems and Computers, 1993. 1993 Conference Record of the Twenty-Seventh Asilomar Conference on, IEEE, 1993, pp. 40–44.
  • [8] Davis G., Mallat S., Avellaneda M., Adaptive greedy approximations. Constructive approximation, 1997, 13(1), pp. 57–98.
  • [9] Tropp J.A., Greed is good: Algorithmic results for sparse approximation. Information Theory, IEEE Transactions on, 2004, 50(10), pp. 2231–2242.
  • [10] Gribonval R., Fast matching pursuit with a multiscale dictionary of Gaussian chirps. Signal Processing, IEEE Transactions on, 2001, 49(5), pp. 994–1001.
  • [11] Elad M., From Exact to Approximate Solutions. In: Sparse and Redundant Representations: From Theory to Applications in Signal and Image Processing. Springer, New York, 2010 pp. 79–109.
  • [12] Aharon M., Elad M., Bruckstein A., K-svd: An algorithm for designing overcomplete dictionaries for sparse representation. Signal Processing, IEEE Transactions on, 2006, 54(11), pp. 4311–4322.
  • [13] Barchiesi D., Plumbley M.D., Learning incoherent dictionaries for sparse approximation using iterative projections and rotations. Signal Processing, IEEE Transactions on, 2013, 61(8), pp. 2055–2065.
  • [14] Snort – intrusion detection system., Accessed: 2014-12-30.
  • [15] Dainotti A., Pescap´e A., Ventre G., Wavelet-based detection of dos attacks. In: Global Telecommunications Conference, 2006. GLOBECOM’06. IEEE, IEEE, 2006, pp. 1–6.
  • [16] Kali linux., Accessed: 2014-12-30.
  • [17] Defense advanced research projects agency darpa intrusion detection evaluation data set. /data/index.html, Accessed: 2014-12-30.
Typ dokumentu
Identyfikator YADDA
JavaScript jest wyłączony w Twojej przeglądarce internetowej. Włącz go, a następnie odśwież stronę, aby móc w pełni z niej korzystać.