Network anomaly detection based on adaptive approximation of signals

• Autorzy: Saganowski Ł. , Andrysiak T.

Warianty tytułu

PL

Wykrywanie anomalii sieciowych na podstawie adaptacyjnej aproksymacji sygnału

• Języki publikacji: EN

Abstrakty

EN

In the article we present Anomaly Detection System for recognizing unknown threats in network traffic with the use of Matching Pursuit decomposition. We proposed further improvements of presented anomaly detection method. Efficiency of our method is reported with the use of extended set of benchmark test traces. At the end we compared achieved results with different methods based on signal processing, data mining and hybrid techniques.

PL

W artykule zaproponowany został System Detekcji Anomalii w ruchu sieciowym z wykorzystaniem algorytmu dopasowania kroczącego. Zaproponowane zostały kolejne modyfikacje omawianej metody. Wydajność zastosowanego algorytmu została przedstawiona z użyciem testowych ścieżek ruchu sieciowego. Przedstawiono również porównanie zaproponowanej metody do innych rozwiązań systemów detekcji anomalii opartych o algorytmy: przetwarzania sygnałów, statystyczne oraz hybrydowe.

Słowa kluczowe

EN

anomaly detection system; matching pursuit decomposition; adaptive approximation of signals

PL

detekcja anomalii; dopasowanie kroczące; adaptacyjna aproksymacja sygnału

• Wydawca: Wydawnictwa Uczelniane Politechniki Bydgoskiej im. Jana i Jędrzeja Śniadeckich
• Czasopismo: Zeszyty Naukowe. Telekomunikacja i Elektronika / Uniwersytet Technologiczno-Przyrodniczy w Bydgoszczy
• Rocznik: 2011
• Tom: z. 15
• Strony: 37--48
• Opis fizyczny: Bibliogr. 29 poz.

Twórcy

autor

Saganowski Ł.

autor

Andrysiak T.

• Institute of Telecommunications, Faculty of Telecommunications and Electrical Engineering University of Technology and Life Sciences (UTP) ul. Kaliskiego 7, 85-789 Bydgoszcz, Poland,

Bibliografia

• [1] Esposito M., Mazzariello C., Oliviero F., Romano S.P., Sansone C., 2005. Real Time Detection of Novel Attacks by Means of Data Mining Techniques. ICEIS (3) pp. 120-127.
• [2] Davis G., Mallat S., Avellaneda M., 1997. Adaptive greedy approxima-tions, Journal of Constructive Approximation, vol. 13, pp.57-98.
• [3] Esposito M., Mazzariello C., Oliviero F., Romano S.P., Sansone C., 2005. Evaluating Pattern Recognition Techniques in Intrusion Detection Systems. PRIS, pp. 144-153.
• [4] FP7 INTERSECTION Project, Deliverable D.2.1: SOLUTIONS FOR SECURING HETEROGENEOUS NETWORKS: A STATE OF THE ART ANALYSIS.
• [5] FP7 INTERSECTION (INfrastructure for heTErogeneous, Reislient, Secure, Complex, Tightly Inter-Operating Networks) Project Description of Work.
• [6] Cheng C.-M., Kung H.T., Tan K.-S., 2002. Use of spectral analysis in defense against DoS attacks, IEEE GLOBECOM, pp. 2143-2148.
• [7] Barford P., Kline J., Plonka D., Ron A. A signal analysis of network traffic anomalies, ACM SIGCOMM Internet Measurement Workshop 2002.
• [8] Huang P., Feldmann A., Willinger W., 2001. A non-intrusive, wavelet-based approach to detecting network performance problems, ACM SIGCOMM Internet Measurement Workshop.
• [9] Li L., Lee G., 2003. DDos attack detection and wavelets, IEEE ICCCN03, pp. 421--427.
• [10] Dainotti A., Pescape A., Ventre G., 2006. Wavelet-based Detection of DoS Attacks, 2006 IEEE GLOBECOM, San Francisco (CA, USA).
• [11] Mallat S., Zhang, 1993. Matching Pursuit with timefrequency dictonaries. IEEE Transactions on Signal Processing., vol. 41, no 12, pp. 3397-3415.
• [12] Troop J.A., 2004. Greed is Good: Algorithmic Results for Sparse Appro-ximation. IEEE Transactions on Information Theory, vol. 50, no. 10.
• [13] Tropp J.A., 2003. Greed is good: Algorithmic results for sparse approximation, ICES Report 03-04, The University of Texas at Austin.
• [14] Gribonval R., 2001. Fast Matching Pursuit with a Multiscale Dictionary of Gaussian Chirps. IEEE Transactions on Signal Processing., vol. 49, no. 5.
• [15] Jost P., Vandergheynst P., Frossard P., 2005. Tree-Based Pursuit: Algorithm and Properties. Swiss Federal Institute of Technology Lausanne (EPFL),Signal Processing Institute Technical Report.,TR-ITS-2005.013.
• [16] Elad M., 2010. Sparse and Redundant Representations: From Theory to Applications in Signal and Image Processing, Springer.
• [17] Gabor D., 1946. Theory of communication. Journal of Institution Electrical Engineering, vol. 93, no. 26, pp. 429-457.
• [18] Janssen A., 1981. Gabor representation of generalized functions. Journal of the Mathematical. Analysis. and Applications, vol. 83, no. 2, pp. 377–394.
• [19] Lu W., Ghorbani Ali A., 2009. Network Anomaly Detection Based on Wavelet Analysis, EURASIP Journal on Advances in Signal Processing, vol. 2009, Article ID 837601. doi:10.1155/2009/837601
• [20] Defense Advanced Research Projects Agency DARPA Intrusion Detection Evaluation Data Set: http://www.ll.mit.edu/mission/communications/ist/corpora/ ideval/data/index.html
• [21] WIDE Project: MAWI Working Group Traffic Archive at tracer.csl.sony.co.jp/mawi/
• [22] The CAIDA Dataset on the Witty Worm - March 19-24, 2004. Colleen Shanon and David Moore, www.caida.org/passive/witty.
• [23] Scherrer A., Larrieu N., Owezarski P., Borgant P., Abry P., 2007. Non-Gaussian and Long Memory Statistical Characterizations for Internet Traffic with Anomalies. IEEE Transactions On Dependable and Secure Computing, vol. 4, no. 1, pp. 56-70.
• [24] Mahoney M.V., Chan P.K., 2002. Learning nonstationary models of normal network traffic for detecting novel attacks, Proceedings of the Eighth ACM SIGKDD, pp. 376-385.
• [25] Shanmugam B., Idris N.B., 2011. Hybrid Intrusion Detection Systems (HIDS) using Fuzzy Logic, Intrusion Detection Systems, InTech, pp. 135-154, http://www.intechopen.com/books/show/title/intrusion-detection-systems.
• [26] Hwang K., Cai M., Chen Y., Qin M., 2007. Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes, IEEE Transactions on dependable and secure computing, vol. 4, no. 1, pp. 1-15.
• [27] Tjhai G.C., Papadaki M., Furnell S.M., Clarke N.L., 2008. The Problem of False Alarms: Evaluation with Snort and DARPA 1999 Dataset, [in:] TrustBus 2008, LNCS 5185, Springer-Verlag, pp. 139-150.
• [28] Choraś M., Saganowski Ł., Renk R., Hołubowicz W., 2011. Statistical and signal-based net-work traffic recognition for anomaly detection. Expert Systems. The Journal of Knowledge Engineering.
• [29] Garcia-Teodoro P., Diaz-Verdejo J., Macia-Fernandez G., Vazquez E., 2009. Anomaly-based network intrusion detection: Techniques, systems and challenges, Computers and security, Elsevier, vol. 28, pp. 18-28.