Network traffic anomaly detection using weighted self-similarity based on EMD

Network traffic anomaly detection is an important part of network security, and identifying abnormal activities in a timely manner has long been a demand of the field. Conventional detection methods include the Hurst parameter method, the wavelet transform and the Markov model. This article proposes a new method that uses a weighted self-similarity parameter to detect abnormal activities over the Internet. By performing a real-time Empirical Mode Decomposition (EMD) on the network traffic, we calculate the weighted self-similarity parameter from the first Intrinsic Mode Function to analyze and detect suspicious activities. This approach provides faster and accurate detection at low computational cost.
