WAVELET-BASED ANOMALY DETECTION IN NETWORK TRAFFIC / UM DETECTOR DE ANOMALIAS DE TRÁFEGO DE REDE BASEADO EM WAVELETS

AUTHOR(S)
PUBLICATION DATE

2010

ABSTRACT

Attacks on computer networks compromise the security of the system and degrade network performance, causing problems for users and organizations. Network-based Intrusion Detection Systems are used to detect attacks or malicious activity by analyzing network traffic. The anomaly-based detection approach is used for intrusion detection: it assumes that traffic anomalies, that is, deviations from standard behavior, indicate an attack or malfunction. A major difficulty for an anomaly-based Intrusion Detection System is constructing the profile, due to the complexity of network traffic. Methods derived from Signal Analysis, among them the Wavelet Transform, have recently demonstrated applicability in detecting network anomalies. This work proposes a new wavelet-based mechanism to detect network intrusions through the analysis of traffic descriptors. The proposed mechanism is based on the Discrete Wavelet Transform of a signal formed from the traffic descriptors, the calculation of thresholds, and direct analysis of the wavelet coefficients to detect anomalies. We assume that an attack generates an anomaly (change) in the traffic pattern that is visible in the wavelet coefficients. The detection mechanism is generic, so it works with different descriptors, and has low computational complexity, which favors real-time analysis. In the experiments, the mechanism demonstrated a good detection rate of attacks with few false positives and low processing time.
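The pipeline the abstract outlines (descriptor signal, Discrete Wavelet Transform, thresholds, direct inspection of the coefficients) can be sketched as follows. This is an added example, not code from the thesis: the abstract does not name the wavelet, the threshold rule or the descriptor, so the Haar wavelet, the median-based threshold with `k=5`, the packets-per-second signal and all function names are assumptions.

```python
import math
from statistics import median

# Constructed sample: packets/second descriptor, 32 one-second bins,
# with a burst in bins 13..17 (not real capture data).
PPS = [100, 103, 98, 101, 99, 102, 97, 100, 104, 99, 101, 98, 100,
       940, 955, 948, 951, 960,
       102, 99, 97, 101, 103, 100, 98, 102, 99, 101, 100, 97, 103, 99]

def haar_step(signal):
    """One level of the orthonormal Haar DWT -> (approximation, detail)."""
    s = math.sqrt(2.0)
    pairs = list(zip(signal[0::2], signal[1::2]))  # odd trailing sample is dropped
    return [(a + b) / s for a, b in pairs], [(a - b) / s for a, b in pairs]

def threshold(detail, k=5.0):
    """Assumed rule: k times the noise scale estimated as median(|d|) / 0.6745."""
    return k * median(abs(d) for d in detail) / 0.6745

def detect(signal, levels=2, k=5.0):
    """Return (level, first_bin, last_bin) for each detail coefficient above threshold."""
    alerts, approx = [], list(signal)
    for level in range(1, levels + 1):
        approx, detail = haar_step(approx)
        thr = threshold(detail, k)
        span = 2 ** level  # bins covered by one coefficient at this level
        alerts += [(level, i * span, (i + 1) * span - 1)
                   for i, d in enumerate(detail) if abs(d) > thr]
    return alerts

if __name__ == "__main__":
    for level, first, last in detect(PPS):
        print(f"level {level}: anomalous change within bins {first}..{last}")
```

On this sample the burst onset falls inside a level-1 pair and is flagged there, while the burst end lines up with a pair boundary and only shows up in the level-2 coefficients, which is why more than one decomposition level is inspected.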

SUBJECT(S)

attacks, security, wavelets, computer science
