Detecting Denial-of-Service attacks using the wavelet transform

Anomaly-based intrusion detection is a crucial research issue because it makes it possible to identify attacks that do not necessarily have known signatures. However, anomaly-based approaches often consume more resources than those based on misuse detection and have a higher false alarm rate. This paper presents an efficient anomaly analysis method that is proved to be more efficient and less complex than existing techniques. The approach relies on monitoring the security state using a set of accurate metrics. The Wavelet Transform (WT) is used to decompose these metrics in the time-scale space. Attacks are viewed as Lipschitz singularities that arise at specific points in time. Hence, anomaly detection is performed by processing the signals that represent the metrics. The proposed approach is also shown to be extensible to the case where the monitoring points, used to gather the measurable features, are distributed according to the network topology.
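The idea in the abstract, treating an attack as a singularity in a monitored metric and locating it in the time-scale space, can be illustrated with the following added example, which is not code from the paper. It assumes a Haar wavelet, dyadic scales 1 to 16, a fixed threshold and a constructed packet-rate series; all function names are hypothetical.

```python
import math
import random

def haar_detail(x, s):
    """Undecimated Haar detail at scale s: mean of the next s samples minus
    mean of the previous s samples (0 where the window does not fit)."""
    n = len(x)
    d = [0.0] * n
    for t in range(s, n - s + 1):
        d[t] = sum(x[t:t + s]) / s - sum(x[t - s:t]) / s
    return d

def lipschitz_exponent(details, t, lo, hi):
    """Two-point slope of log2|W(s,t)| against log2(s): about 0 for a step
    (sustained level shift), about -1 for a one-sample spike."""
    a, b = abs(details[lo][t]), abs(details[hi][t])
    return (math.log2(b) - math.log2(a)) / (math.log2(hi) - math.log2(lo))

def detect_singularities(x, scales=(1, 2, 4, 8, 16), threshold=100.0):
    """Flag instants whose wavelet modulus stays above `threshold` at every
    scale, and estimate the Lipschitz exponent from the decay across scales.
    Scales and threshold are assumptions chosen for the constructed data."""
    details = {s: haar_detail(x, s) for s in scales}
    lo, hi = scales[0], scales[-1]
    alarms = {}
    for t in range(len(x)):
        if min(abs(details[s][t]) for s in scales) > threshold:
            alarms[t] = lipschitz_exponent(details, t, lo, hi)
    return alarms

def constructed_packet_rate(n=200, spike_at=60, flood_at=120, seed=7):
    """Constructed metric (not real traffic): ~100 pkt/s baseline, one
    isolated burst, then a sustained flood starting at `flood_at`."""
    rng = random.Random(seed)
    x = [100 + rng.randint(-5, 5) for _ in range(n)]
    x[spike_at] += 300
    for t in range(flood_at, n):
        x[t] += 300
    return x

if __name__ == "__main__":
    series = constructed_packet_rate()
    print(detect_singularities(series))  # alarm only at the flood onset
```

The one-sample burst at t=60 is large at the finest scale but its modulus decays roughly as 1/s, so only the sustained level shift at t=120 survives at every scale and raises an alarm.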
