Network anomaly detection based on wavelet analysis

Eurasip Journal on Advances in Signal Processing

Volumn 2009, Issue , 2009, Pages

  Lu, Wei ^a   Ghorbani, Ali A ^a  

^a UNIVERSITY OF NEW BRUNSWICK   (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

INTERNET; INTERNET SERVICE PROVIDERS; INTRUSION DETECTION; PROGRAMMING THEORY;

COMPREHENSIVE ANALYSIS; DATA SETS; DETECTION RATES; EVALUATION RESULTS; INPUT SIGNALS; NETWORK ANOMALIES; NETWORK ANOMALY DETECTIONS; NETWORK TRAFFICS; SIGNAL MODELLING; SIGNAL PROCESSING TECHNIQUES; SYSTEM IDENTIFICATION THEORIES; WAVELET APPROXIMATIONS;

SIGNAL PROCESSING;

EID: 59949095579     PISSN: 16876172     EISSN: 16876180     Source Type: Journal    
DOI: 10.1155/2009/837601     Document Type: Article

References (50)

1. Anderson J. P., Computer security threat monitoring and surveillance 1999 Fort Washington, Pa, USA James P. Anderson
2. Denning D. E., An intrusion detection model IEEE Transactions on Software Engineering 1987 13 2 222 232
3. Axelsson S., The base-rate fallacy and the difficulty of intrusion detection ACM Transactions on Information and System Security 2000 3 3 186 201
4. Hochberg J., Jackson K., Stallings C., McClary J. F., DuBois D., Ford J., NADIR: an automated system for detecting network intrusion and misuse Computers Security 1993 12 3 235 248
5. Lunt T., Jagannathan R., Lee R., IDES: the enhanced prototype, a real-time intrusion detection system 1988 October SRI Project 4185-010 Menlo Park, Calif, USA SRI International, Computer Science Laboratory
6. Smaha S. E., Haystack: an intrusion detection system Proceedings of the 4th IEEE Aerospace Computer Security Applications Conference December 1988 Orlando, Fla, USA 37 44
7. Frank J., Artificial intelligence and intrusion detection: current and future directions Proceedings of the 17th National Computer Security Conference October 1994 Baltimore, Md, USA 11 21
8. Forrest S., Hofmeyr S. A., Somayaji A., Longstaff T. A., A sense of self for unix processes Proceedings of IEEE Symposium on Security and Privacy May 1996 Oakland, Calif, USA 120 128
9. Barreno M., Nelson B., Sears R., Joseph A. D., Tygar J. D., Can machine learning be secure? Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS 06) March 2006 Taipei, Taiwan 16 25
10. Sabhnani M., Serpen G., Analysis of a computer security dataset: why machine learning algorithms fail on KDD dataset for misuse detection Intelligent Data Analysis 2004 8 4 403 415
11. Patcha A., Park J.-M., An overview of anomaly detection techniques: existing solutions and latest technological trends Computer Networks 2007 51 12 3448 3470
12. Wang H., Zhang D., Shin K. G., Detecting SYN flooding attacks 3 Proceedings of the 21st Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM 02) June 2002 New York, NY, USA 1530 1539
13. Barford P., Kline J., Plonka D., Ron A., A signal analysis of network traffic anomalies Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurment (IMW 02) November 2002 Marseille, France 71 82
14. Gao J., Hu G., Yao X., Chang R. K. C., Anomaly detection of network traffic based on wavelet packet Proceedings of the Asia-Pacific Conference on Communications (APCC 06) August 2006 Busan, Korea 1 5
15. Huang C.-T., Thareja S., Shin Y.-J., Wavelet-based real time detection of network traffic anomalies Proceedings of Workshop on Enterprise Network Security and the 2nd International Conference on Security and Privacy in Communication Networks August 2006 Baltimore, Md, USA 1 7
16. Kim S. S., Reddy A. L. N., Image-based anomaly detection technique: algorithm, implementation and effectiveness IEEE Journal on Selected Areas in Communications 2006 24 10 1942 1954
17. Kim S. S., Reddy A. L. N., Vannucci M., Detecting traffic anomalies through aggregate analysis of packet header data Proceedings of the 3rd International IFIP-TC6 Networking Conference May 2004 Athens, Greece 1047 1059
18. Ramanarran A., WADES: a tool for distributed denial of service attack detection, M.S. thesis 2002 College Station, Tex, USA Texas AM University. TAMU-ECE-2002
19. Li L., Lee G., DDoS attack detection and wavelets Proceedings of 12th International Conference on Computer Communications and Networks (ICCCN 03) October 2003 Dallas, Tex, USA 421 427
20. Dainotti A., Pescape A., Ventre G., Wavelet-based detection of DoS attacks Proceedings of the IEEE Global Telecommunications Conference (GLOBECOM 06) November 2006 San Francisco, Calif, USA 1 6
21. Huang P., Feldmann A., Willinger W., A non-intrusive, wavelet-based approach to detecting network performance problems Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurment (IMW 01) November 2001 San Francisco, Calif, USA 213 227
22. Lakhina A., Crovella M., Diot C., Diagnosing network-wide traffic anomalies Proceedings of the ACM SIGCOMM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM 04) September 2004 Portland, Ore, USA 219 230
23. Lakhina A., Crovella M., Diot C., Mining anomalies using traffic feature distributions ACM SIGCOMM Computer Communication Review 2005 35 4 217 228
24. Kim M. S., Kim T., Shin Y. J., Lam S. S., Powers E. J., A wavelet-based approach to detect shared congestion ACM SIGCOMM Computer Communication Review 2004 34 4 293 306
25. Liu B. S., Li Y. J., Hou Y. P., Sui X. S., The identification and correction of outlier based on wavelet transform of traffic flow Proceedings of International Conference on Wavelet Analysis and Pattern Recognition November 2007 Beijing, China 1498 1503
26. Rawat S., Sastry C. S., Network intrusion detection using wavelet analysis 3356 Proceedings of the 7th International Conference on Information Technology (CIT 04) December 2004 Hyderabad, India 224 232 Lecture Notes in Computer Science
27. Gabor D., Theory of communication Journal of IEE 1946 93 429 441
28. KDDCUP,. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
29. DARPA,. 1999, http://www.ll.mit.edu/IST/ideval/data/1999/1999dataindex. html
30. DARPA,. 1998, http://www.ll.mit.edu/IST/ideval/data/1998/1998dataindex. html
31. Meyer Y., Combes J. M., Grossman A., Tchamitchian P., Orthonormal wavelets Wavelets: Time-Frequency Methods and Phase Space 1989 Berlin, Germany Springer 21 37
32. Mallat S., A Wavelet Tour of Signal Processing 1999 2nd Boston, Mass, USA Academic Press
33. Ljung L., System Identification: Theory for the User 1999 2nd Englewood Cliffs, NJ, USA Prentice-Hall
34. Murtagh F., Starck J. L., Renaud O., On neuro-wavelet modeling Decision Support Systems Journal 2004 37 4 475 484
35. Ripley B. D., Pattern Recognition and Neural Networks 1996 Cambridge, UK Cambridge University Press
36. Titterington D., Smith A., Makov U., Statistical Analysis of Finite Mixture Distributions 1985 New York, NY, USA John Wiley Sons
37. Dempster A. P., Laird N. M., Rubin D. B., Maximum likelihood from incomplete data via the EM algorithm (with discussion) Journal of the Royal Statistical Society B 1977 39 1 1 38
38. Editcap,. http://www.ethereal.com/docs/man-pages/editcap.1.html
39. Tshark,. http://www.wireshark.org/docs/man-pages/editcap.html
40. Gaffney J. E. Jr., Ulvila J. W., Evaluation of intrusion detectors: a decision theory approach Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy May 2001 Oakland, Calif, USA 50 61
41. Stolfo S., Fan W., Lee W., Prodromidis A., Chan P. K., Cost-based modeling for fraud and intrusion detection results from the JAM project 2000 New York, NY, USA Columbia University
42. Mahoney M. V., Chan P. K., An analysis of the 1999 DARPA/lincoln laboratory evaluation data for network anomaly detection Proceedings of the 6th International Symposium on Recent Advances in Intrusion Detection (RAID 03) September 2003 Pittsburgh, Pa, USA 220 237
43. McHugh J., Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by lincoln laboratory ACM Transactions on Information and System Security 2000 3 4 262 294
44. Lu W., Traore I., A novel unsupervised anomaly detection framework for detecting network attacks in real-time 3810 Proceedings of the 4th International Conference on Cryptology and Network Security (CANS 05) December 2005 Xiamen, China Springer 96 109 Lecture Notes in Computer Science
45. Fred-eZone WiFi ISP,. http://www.fred-ezone.ca
46. Lazarevic A., Ertoz L., Kumar V., Ozgur A., Srivastava J., A comparative study of anomaly detection schemes in network intrusion detection Proceedings of the 3rd SIAM International Conference on Data Mining (SDM 03) May 2003 San Francisco, Calif, USA 108 120
47. Shyu M. L., Chen S. C., Sarinnapakorn K., Chang L., A novel anomaly detection scheme based on principal component classifier Proceedings of the IEEE Foundations and New Directions of Data Mining Workshop November 2003 Melbourne, Fla, USA 172 179
48. Lu W., An unsupervised anomaly detection framework for multiple-connection based network intrusions, Ph.D. thesis 2005 October Victoria, Canada Department of Electrical and Computer Engineering, University of Victoria
49. CERT Coordination Center,. Denial-of-service tools-Advisory CA-1999-17, December 1999, http://www.cert.org/advisories/CA-1999-17.html
50. CERT Coordination Center, DoS Developments-Advisory CA-2000-01, January 2000, http://www.cert.org/advisories/CA-2000-01.html