Wavelet-Based Unwanted Traffic Time Series Analysis

Identifying traffic anomalies precisely and instantaneously is critical to network stability. Most studies have focused on analyzing unwanted traffic from a Darknet system. However, conventional methods of detecting anomalous activities in these data are not applicable to detection. We apply discrete wavelet transform (DWT) techniques to decompose the traffic signal and examine unknown anomalous activities in unwanted traffic data. Our work focuses on three types of unwanted traffic packets (TCP SYNs, TCP SYN/ACKs, and UDP packets) and on three time intervals: 10 ms, 100 ms, and 1 s. Furthermore, we discuss the features of this approach and consider some of its possible realizations. Our goal is to reveal the properties that emerge when wavelet techniques are used to detect anomalous network behavior.
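The decomposition step described above, as an added example that is not code from the paper: per-bin packet counts are split into Haar detail coefficients at several scales, and coefficients far from the median are reported as anomalous bins. The Haar basis, the MAD-based threshold with `k=5`, the function names and the sample counts are assumptions chosen for illustration.

```python
import math
import statistics

# Constructed sample: TCP SYN counts per 100-ms bin; bins 20-21 hold an injected burst.
SAMPLE_SYN_COUNTS = [12, 15, 11, 14, 13, 17, 12, 13, 16, 12, 14, 15, 11, 13, 15, 14,
                     13, 16, 12, 11, 240, 310, 14, 12, 15, 13, 11, 16, 14, 12, 13, 15]

def haar_dwt(signal, levels):
    """Multi-level Haar DWT: returns (approximation, [details level 1, level 2, ...])."""
    approx, details = list(signal), []
    for _ in range(levels):
        if len(approx) < 2 or len(approx) % 2:
            raise ValueError("signal length must be divisible by 2**levels")
        pairs = list(zip(approx[0::2], approx[1::2]))
        details.append([(a - b) / math.sqrt(2) for a, b in pairs])
        approx = [(a + b) / math.sqrt(2) for a, b in pairs]
    return approx, details

def flag_anomalies(counts, levels=2, k=5.0):
    """Return (first_bin, last_bin, level) for each outlying detail coefficient."""
    _, details = haar_dwt(counts, levels)
    flagged = []
    for level, coeffs in enumerate(details, start=1):
        med = statistics.median(coeffs)
        mad = statistics.median([abs(c - med) for c in coeffs])
        sigma = 1.4826 * mad or 1.0   # assumed fallback scale for a perfectly flat series
        width = 2 ** level            # bins covered by one coefficient at this level
        for i, c in enumerate(coeffs):
            if abs(c - med) > k * sigma:
                flagged.append((i * width, (i + 1) * width - 1, level))
    return flagged

if __name__ == "__main__":
    for first, last, level in flag_anomalies(SAMPLE_SYN_COUNTS):
        print(f"level {level}: anomalous change in bins {first}-{last}")
```

The median and MAD are used instead of mean and standard deviation so that the burst itself does not inflate the threshold it is compared against.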
