Article title

Anomaly detection system based on sparse signal representation

Publication languages
EN
Abstracts
EN
In this paper we present a further expansion of our matching pursuit methodology for anomaly detection in computer networks. In our previous work we proposed a new signal-based algorithm for intrusion detection systems, using an anomaly detection approach built on the Matching Pursuit algorithm. This time we present a completely different approach to generating the dictionary of base functions (atoms). We propose a modification of the K-SVD [1] algorithm in order to select atoms from a real 1-D signal which represents network traffic features. Dictionary atoms selected in this way are able to approximate different 1-D signals representing network traffic features. The resulting dictionary was used to detect network anomalies on benchmark data sets. The results were compared with those of a dictionary based on analytical 1-D Gabor atoms.
Authors
author
Bibliography
  • [1] M. Aharon, M. Elad, A. Bruckstein, K-SVD: An algorithm for designing overcomplete dictionaries for sparse representations, IEEE Trans. on Signal Processing, 54:4311-4322, 2006
  • [2] L. Coppolino, S. D’Antonio, M. Esposito, L. Romano, Exploiting diversity and correlation to improve the performance of intrusion detection systems, In Proc of IFIP/IEEE International Conference on Network and Service, 2009
  • [3] J.A. Tropp, Greed is Good: Algorithmic Results for Sparse Approximation, IEEE Transactions on Information Theory, 50(10), 2004
  • [4] S. Mallat, Zhang, Matching Pursuit with time-frequency dictionaries, IEEE Transactions on Signal Processing, 41(12):3397-3415, 1993
  • [5] Y. C. Pati, R. Rezaiifar, P. S. Krishnaprasad, Orthogonal matching pursuit: recursive function approximation with applications to wavelet decomposition, in Asilomar Conference on Signals, Systems and Computers, 1:40-44, 1993
  • [6] WIDE Project: MAWI Working Group Traffic Archive at tracer.csl.sony.co.jp/mawi/
  • [7] The CAIDA Dataset on the Witty Worm (2004), Colleen Shannon and David Moore, www.caida.org/passive/witty
  • [8] Defense Advanced Research Projects Agency DARPA Intrusion Detection Evaluation Data Set: http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/index.html
  • [9] L. DeLooze, Attack Characterization and Intrusion Detection using an Ensemble of Self-Organizing Maps. IEEE Workshop on Information Assurance United States Military Academy, 108-115, West Point, NY, 2006
  • [10] A. Lakhina, M. Crovella, C.H. Diot, Characterization of network-wide anomalies in traffic flows. Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, 201-206, 2004
  • [11] L. Wei, A. Ghorbani, Network Anomaly Detection Based on Wavelet Analysis. EURASIP Journal on Advances in Signal Processing, vol. 2009, Article ID 837601, 16 pages, doi: 10.1155/2009/837601.
  • [12] L. Saganowski, M. Choraś, R. Renk, W. Hołubowicz, A Novel Signal-Based Approach to Anomaly Detection in IDS Systems. M. Kolehmainen et al. (Eds.): ICANNGA 2009, Springer LNCS 5495:527-536, 2009
  • [13] M. Choraś, L. Saganowski, R. Renk, W. Hołubowicz, Statistical and signal-based network traffic recognition for anomaly detection. Expert Systems: The Journal of Knowledge Engineering, 2011
  • [14] G. Davis, S. Mallat, M. Avellaneda, Adaptive greedy approximations, Journal of Constructive Approximations, 13:57-98, 1987
  • [15] A. Gilbert, S. Muthukrishnan, M. J. Strauss, Approximation of functions over redundant dictionaries using coherence, in 14th ACM-SIAM Symposium on Discrete Algorithms, 2003
  • [16] D. Gabor, Theory of communication. Journals Electrical Engineers, 93:429-457, 1946
  • [17] M. Goodwin, Adaptive Signal Models: Theory, Algorithms, and Audio Algorithms. Boston, MA: Kluwer, 1998
  • [18] B. K. Natarajan, Sparse approximate solutions to linear systems. SIAM Journal of Computation, 24:227-234, 1995
  • [19] P. Jost, P. Vandergheynst, P. Frossard, Tree-Based Pursuit: Algorithm and Properties, Swiss Federal Institute of Technology Lausanne (EPFL), Signal Processing Institute Technical Report, TR-ITS-2005.013, 2005
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-article-BAT5-0073-0020