Article title

Comprehensive approach to anomaly detection system evaluation

Publication languages
EN
Abstracts
EN
Anomaly detection is a new, emerging trend in network security, especially for high-security networks (such as military or critical infrastructure monitoring networks). In our previous work we proposed a new methodology for such intrusion detection systems: a new signal-based algorithm for intrusion detection built on the Matching Pursuit algorithm. Here we report a further, more extensive evaluation of the proposed methodology. We show results for 15 metrics characterizing network traffic (previously we tested our system using packets-per-second only). Moreover, we used various types of traffic traces to evaluate our methodology: authentic traffic with authentic attacks from campus and WAN networks, authentic traffic with artificial (injected) attacks from campus and corporate networks, and artificial traffic with artificial attacks. Finally, we provided a comparison of our method with a state-of-the-art DWT-based anomaly detection system and proved that our solution gives better results in terms of detection rate and false positives.
Bibliography
  • [1] L. Coppolino, L. D'Antonio, M. Esposito, L. Romano. Exploiting diversity and correlation to improve the performance of intrusion detection systems. In Proc. of IFIP/IEEE International Conference on Network and Service, 2009.
  • [2] L. Saganowski, M. Choraś, R. Renk, W. Hołubowicz. A Novel Signal-Based Approach to Anomaly Detection in IDS Systems, M. Kolehmainen et al. (Eds.): ICANNGA 2009, LNCS 5495, pp. 527-536, Springer 2009.
  • [3] S. Mallat and Zhang. Matching Pursuit with time-frequency dictionaries. IEEE Transactions on Signal Processing, vol. 41, no. 12, pp. 3397-3415, Dec 1993.
  • [4] J. A. Tropp. Greed is Good: Algorithmic Results for Sparse Approximation. IEEE Transactions on Information Theory, vol. 50, no. 10, October 2004.
  • [5] R. Gribonval. Fast Matching Pursuit with a Multiscale Dictionary of Gaussian Chirps. IEEE Transactions on Signal Processing, vol. 49, no. 5, May 2001.
  • [6] P. Jost, P. Vandergheynst, P. Frossard. Tree-Based Pursuit: Algorithm and Properties. Swiss Federal Institute of Technology Lausanne (EPFL), Signal Processing Institute Technical Report, TR-ITS-2005.013, May 17th, 2005.
  • [7] J. A. Tropp. Greed is Good: Algorithmic Results for Sparse Approximation, IEEE Transactions on Information Theory, vol. 50, no. 10, October 2004.
  • [8] WIDE Project: MAWI Working Group Traffic Archive tracer.csl.sony.co.jp/mawi/
  • [9] The CAIDA Dataset on the Witty Worm - March 19-24, 2004, Colleen Shannon and David Moore, www.caida.org/passive/witty.
  • [10] http://www.grid.unina.it/Traffic/Traces/ttraces.php.
  • [11] Defense Advanced Research Projects Agency DARPA Intrusion Detection Evaluation Data Set: http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/index.html
  • [12] R. Renk, L. Saganowski, M. Choras, W. Holubowicz. Performance Evaluation of ADS System Based on Redundant Dictionary, In: R. S. Choras (Ed.): Image Processing and Communication Challenges 2, Advances in Soft Computing, 468-476, Springer, 2010.
  • [13] L. Lori DeLooze. Attack Characterization and Intrusion Detection using an Ensemble of Self-Organizing Maps, IEEE Workshop on Information Assurance United States Military Academy, pp. 108-115, West Point, NY, June 2006.
  • [14] A. Lakhina, M. Crovella, C. Diot. Characterization of Network-wide anomalies in traffic flows, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, pp. 201-206, 2004.
  • [15] L. Wei, A. AH. Ghorbani, Network Anomaly Detection Based on Wavelet Analysis, EURASIP Journal on Advances in Signal Processing, vol. 2009, Article ID 837601, 16 pages, 2009. doi:10.1155/2009/837601.
  • [16] R. Gribonval. Fast Matching Pursuit with a Multiscale Dictionary of Gaussian Chirps, IEEE Transactions on Signal Processing, vol. 49, no. 5, May 2001.
  • [17] P. Jost, P. Vandergheynst, P. Frossard. Tree-Based Pursuit: Algorithm and Properties. Swiss Federal Institute of Technology Lausanne (EPFL), Signal Processing Institute Technical Report, TR-ITS-2005.013, May 17th, 2005.
  • [18] E. Kajan. Information technology encyclopedia and acronyms. Springer, Berlin Heidelberg New York, 2002.
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-article-BAT5-0057-0009