论文信息 - Anomaly Detection Preprocessor for SNORT IDS System

Anomaly Detection Preprocessor for SNORT IDS System

In this paper we propose anomaly detection preprocessor for SNORT IDS Intrusion Detection System [1] base on probabilistic and signal processing algorithms working in parallel. Two different algorithms increasing probability of detecting anomalies in network traffic. 25 network traffic features were used by preprocessor for detecting anomalies. Preprocessor calculated Chi-square statistic test and energy from DWT Discrete Wavelet Transform subband coefficients. Usability of proposed SNORT extension was evaluated in local LAN network.

[1] Qiang Chen,et al. Probabilistic techniques for intrusion detection based on computer audit data , 2001, IEEE Trans. Syst. Man Cybern. Part A.

[2] Antonio Pescapè,et al. NIS04-1: Wavelet-based Detection of DoS Attacks , 2006, IEEE Globecom 2006.

[3] W. Sweldens. The Lifting Scheme: A Custom - Design Construction of Biorthogonal Wavelets "Industrial Mathematics , 1996 .

[4] Philippe Owezarski,et al. Non-Gaussian and Long Memory Statistical Characterizations for Internet Traffic with Anomalies , 2007, IEEE Transactions on Dependable and Secure Computing.

[5] A. Grossmann,et al. DECOMPOSITION OF FUNCTIONS INTO WAVELETS OF CONSTANT SHAPE, AND RELATED TRANSFORMS , 1985 .

[6] Alberto Dainotti,et al. Wavelet-based Detection of DoS Attacks. , 2006 .

[7] Ali A. Ghorbani,et al. Network Anomaly Detection Based on Wavelet Analysis , 2009, EURASIP J. Adv. Signal Process..

[8] Mark Crovella,et al. Characterization of network-wide anomalies in traffic flows , 2004, IMC '04.

[9] Lukasz Saganowski,et al. Statistical and signal‐based network traffic recognition for anomaly detection , 2012, Expert Syst. J. Knowl. Eng..