论文信息 - On the use of sketches and wavelet analysis for network anomaly detection

On the use of sketches and wavelet analysis for network anomaly detection

In the last few years, the number and impact of security attacks over the Internet have been continuously increasing. Since it seems impossible to guarantee complete protection to a system by means of the "classical" prevention mechanisms, the use of Intrusion Detection Systems has emerged as a key element in network security. In this paper we address the problem considering a novel technique for detecting network anomalies. Our approach is based on the combined use of sketch and wavelet analysis to reveal the anomalies present in data collected at the router level. The performance analysis, presented in this paper, demonstrates the effectiveness of the proposed method.

[1] Mikkel Thorup,et al. Tabulation based 4-universal hashing with applications to second moment estimation , 2004, SODA '04.

[2] Stéphane Mallat,et al. Multifrequency channel decompositions of images and wavelet models , 1989, IEEE Trans. Acoust. Speech Signal Process..

[3] Kensuke Fukuda,et al. Extracting hidden anomalies using sketch and non Gaussian multiresolution statistical detection procedures , 2007, LSAD '07.

[4] Mark Crovella,et al. Mining anomalies using traffic feature distributions , 2005, SIGCOMM '05.

[5] Anja Feldmann,et al. A non-instrusive, wavelet-based approach to detecting network performance problems , 2001, IMW '01.

[6] Graham Cormode,et al. An improved data stream summary: the count-min sketch and its applications , 2004, J. Algorithms.

[7] Paul Barford,et al. A signal analysis of network traffic anomalies , 2002, IMW '02.

[8] Benoit Claise,et al. Cisco Systems NetFlow Services Export Version 9 , 2004, RFC.

[9] Alberto Dainotti,et al. Wavelet-based Detection of DoS Attacks. , 2006 .