DDoS Attacks Detection by Means of Greedy Algorithms

In this paper we focus on DDoS attack detection by means of greedy algorithms. In particular, we propose to use the Matching Pursuit and Orthogonal Matching Pursuit algorithms. The major contribution of the paper is the proposal of a 1D KSVD algorithm, together with its tree-based structure representation (clusters), which can be successfully applied to DDoS attack and network anomaly detection.
