The anomaly detection approach is a new, emerging trend in network security, especially for high-security networks (such as military or critical infrastructure monitoring networks). In our previous work we proposed a new methodology for such intrusion detection systems. We proposed a new signal-based algorithm for intrusion detection on the basis of the Matching Pursuit algorithm. Here, we report a further, more extensive evaluation of the proposed methodology. We show results for 15 metrics characterizing network traffic (previously we tested our system using packets-per-second only). Moreover, we used various types of traffic traces to evaluate our methodology: authentic traffic with authentic attacks from campus and WAN networks, authentic traffic with artificial (injected) attacks from campus and corporate networks, and artificial traffic with artificial attacks. Finally, we provided a comparison of our method with a state-of-the-art DWT-based anomaly detection system and proved that our solution gives better results in terms of detection rate and false positives.