Snort IDS Hybrid ADS Preprocessor

Saganowski, Ł.; Andrysiak, T

Artykuł - szczegóły

Tytuł artykułu

Snort IDS Hybrid ADS Preprocessor

Autorzy

Saganowski Ł. , Andrysiak T

Wybrane pełne teksty z tego czasopisma

http://new-ipc.utp.edu.pl/index.php/ipc

Identyfikatory

Warianty tytułu

Języki publikacji

Abstrakty

The paper presents hybrid anomaly detection preprocessor for SNORT IDS - Intrusion Detection System [1] base on statistical test and DWT - Discrete Wavelet Transform coefficient analysis. Preprocessor increases functionality of SNORT IDS system and has complementary properties. Possibility of detection network anomalies is increased by using two different algorithms. SNORT captures network traffic features which are used by ADS (Anomaly Detection System) preprocessor for detecting anomalies. Chi-square statistical test and DWT subband coefficients energy values are used for calculating of normal network traffic profiles. We evaluated proposed SNORT extension with the use of test network.

Słowa kluczowe

IDS system anomaly detection system preprocessor algorithms

Wydawca

Instytut Telekomunikacji i Informatyki Uniwersytetu Technologiczno-Przyrodniczego w Bydgoszczy

Czasopismo

Image Processing & Communications

Rocznik

2012

Tom

Vol. 17, no. 4

Strony

17--22

Opis fizyczny

Bibliogr. 12 poz., rys., tab.

Twórcy

autor

Saganowski Ł.

lukasz.saganowski@utp.edu.pl

Institute of Telecommunications, University of Technology & Life Sciences in Bydgoszcz ul. Kaliskiego 7, 85-789 Bydgoszcz, Poland

autor

Andrysiak T

Institute of Telecommunications, University of Technology & Life Sciences in Bydgoszcz ul. Kaliskiego 7, 85-789 Bydgoszcz, Poland

Bibliografia

[1] SNORT IDS http://http://www.snort.org/
[2] N. Ye, Q. Chen, S.M. Emran, ”Chi-squared statistical profiling for anomaly detection,” In Proc. IEEE SMC Inform. Assurance Security Workshop, West Point, pp. 182-188, 2000
[3] A. Scherrer, N. Larrieu, P. Owezarski, P. Borgant, P. Abry, Non-Gaussian and Long Memory Statistical Characterizations for Internet Traffic with Anomalies, IEEE Trans. On Dependable and Secure Computing, Vol. 4 No. 1, 2007 [Web of Science]
[4] M. Choraś, Ł. Saganowski, R. Renk, W. Hołubowicz, Statistical and signal-based network traffic recognition for anomaly detection, In: Expert Systems, Vol. 29, No. 3, pp. 232-245, July 2012
[5] N. Ye,X. Li, Q. Chen,S. Masum Emran, M. Xu, Probabilistic techniques for intrusion detection based on computer audit data, IEEE Trans. On Systems, Man and Cybernetics-Part A: Systems and Humans, Vol. 31, No. 4, 2001
[6] A. Dainotti, A. Pescape, G. Ventre, Wavelet-based Detection of DoS Attacks, IEEE GLOBECOM - Nov 2006, San Francisco (CA, USA), 2006
[7] L. Wei, A. Ghorbani, Network Anomaly Detection Based on Wavelet Analysis, In EURASIP Journal on Advances in Signal Processing, Vol. 2009, Art.ID 837601, 16 pages, doi:10.1155/2009/837601, 2009
[8] A. Grossman,J. Morlet, Decompositions of Functions into Wavelets of Constant Shape, and Related Transforms, Mathematics and Physics: Lectures an Recent Results, L. Streit, 1985
[9] W. Sweldens, The Lifting Scheme: A Custom- Design Construction of Biorthogonal Wavelets, Applied and Computational Harmonic Analysis, Vol. 3, No. 15, pp. 186-200, 1996
[10] A. Lakhina, M. Crovella, CH. Diot, Characterization of network-wide anomalies in traffic flows, In Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, pp. 201-206, 2004
[11] BackTrack Linux http://www.backtrack-linux.org/
[12] Metasploit Framework http://www.metasploit.com

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-a2a520ea-7cee-4309-9453-6c4d86dedea4