Network Traffic Anomaly Detection Based on Wavelet Analysis

Network traffic anomaly detection is an important research topic in the field of network and security management. By analyzing network traffic, the health of the network environment can be intuitively evaluated. In particular, analyzing network traffic provides practical and effective guidance for the identification and classification of anomalies. This paper proposes a network traffic anomaly detection method based on wavelet analysis for pcap files that contain two different delay injections. Wavelet analysis can effectively extract information from a signal and is suitable for anomaly detection. First, wavelet analysis is used to extract waveform features, and then a support vector machine is used for classification. In particular, the packet lengths in the pcap files are parsed out to form a sequence of packet lengths in chronological order. Wavelet-analysis-based feature extraction and feature selection are then applied to the packet length sequence, and the resulting eigenvectors are used as input features to train the support vector machine classifier, which differentiates the two types of anomaly in mixed traffic containing both normal and abnormal traffic. The qualitative and quantitative experimental results show that our approach achieves good classification results.
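The feature-extraction step described in the abstract, as an added example that is not the paper's code: a packet length sequence is decomposed with a discrete wavelet transform and the share of signal energy in each band becomes the feature vector that a classifier such as an SVM would receive. The Haar wavelet, three levels, mean removal, the relative-energy feature and the sample sequences are assumptions made here; pcap parsing and the SVM stage are left out.

```python
import math

def haar_step(signal):
    """One level of the orthonormal Haar DWT: returns (approximation, detail)."""
    s = 1 / math.sqrt(2)
    approx = [(signal[i] + signal[i + 1]) * s for i in range(0, len(signal), 2)]
    detail = [(signal[i] - signal[i + 1]) * s for i in range(0, len(signal), 2)]
    return approx, detail

def wavelet_energy_features(lengths, levels=3):
    """Relative energy per band: [detail_1, ..., detail_levels, approximation].

    The sequence is mean-centred first (an assumption of this example) so the
    features describe how packet length varies, not how large packets are.
    """
    if levels < 1 or not lengths or len(lengths) % (1 << levels) != 0:
        raise ValueError("sequence length must be a non-zero multiple of 2**levels")
    mean = sum(lengths) / len(lengths)
    approx = [x - mean for x in lengths]
    energies = []
    for _ in range(levels):
        approx, detail = haar_step(approx)
        energies.append(sum(d * d for d in detail))   # finest scale first
    energies.append(sum(a * a for a in approx))       # coarsest residual
    total = sum(energies)
    if total == 0:                                    # constant-length traffic
        return [0.0] * len(energies)
    return [e / total for e in energies]

# Constructed packet-length sequences (bytes), not taken from the paper's data.
ALTERNATING = [60, 1500] * 4        # length changes on every packet
BLOCKS = [60] * 4 + [1500] * 4      # length changes once, after four packets

if __name__ == "__main__":
    for name, seq in (("alternating", ALTERNATING), ("blocks", BLOCKS)):
        print(name, [round(f, 3) for f in wavelet_energy_features(seq)])
```

Both sequences have the same packet length histogram, yet their energy lands in different bands, which is the kind of ordering information a wavelet feature vector exposes to the classifier.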
