Abstract
The inherent self-similarity of network (LAN, Internet) traffic motivates the use of wavelets to study its ‘burstiness’. Inspired by methods that treat the self-similarity of data network traffic as normal behaviour and any deviation from it as anomalous behaviour, we propose a method for anomaly-based network intrusion detection. By using the relations among the wavelet coefficients of a self-similar function in a different way, our method determines not only the possible presence of an anomaly but also its location in the data. We provide empirical results on the KDD data set to justify our approach.
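As an added illustration (not code from the paper), the sketch below shows how wavelet detail coefficients can indicate both that an anomaly is present and where it lies: it takes a Haar transform of a constructed packet-count series and flags coefficients far above the typical magnitude at their scale. The Haar wavelet, the per-scale median baseline, the threshold `k` and the sample series are assumptions chosen for the example; the paper's own test relies on relations among coefficients of a self-similar function, which this page does not spell out.

```python
import math
import statistics

def haar_details(x, levels):
    """Return Haar detail coefficients per level (level 1 = finest scale)."""
    approx, out = list(x), []
    for _ in range(levels):
        pairs = list(zip(approx[0::2], approx[1::2]))
        out.append([(a - b) / math.sqrt(2) for a, b in pairs])
        approx = [(a + b) / math.sqrt(2) for a, b in pairs]
    return out

def locate_anomalies(x, levels=3, k=5.0):
    """Flag coefficients far above their scale's typical magnitude.

    Returns (level, first_sample, last_sample) for every detail coefficient
    whose magnitude exceeds k times the median magnitude at that level
    (the median baseline and k are assumptions of this example).
    """
    hits = []
    for j, details in enumerate(haar_details(x, levels), start=1):
        typical = statistics.median(abs(d) for d in details)
        width = 2 ** j  # samples covered by one coefficient at level j
        for n, d in enumerate(details):
            if abs(d) > k * typical:
                hits.append((j, n * width, (n + 1) * width - 1))
    return hits

def make_series(n=256, burst=None, extra=80):
    """Constructed per-interval packet counts: bounded periodic jitter
    around 100, with an optional burst over the inclusive range `burst`."""
    x = [95 + (4 * i) % 11 for i in range(n)]
    if burst:
        for i in range(burst[0], burst[1] + 1):
            x[i] += extra
    return x

if __name__ == "__main__":
    print(locate_anomalies(make_series()))                   # clean trace
    print(locate_anomalies(make_series(burst=(161, 164))))   # injected burst
```

The finest-level hits bracket the edges of the burst, while coarser levels confirm it over wider windows, so the sample ranges narrow the anomaly's position rather than only reporting its presence.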
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rawat, S., Sastry, C.S. (2004). Network Intrusion Detection Using Wavelet Analysis. In: Das, G., Gulati, V.P. (eds) Intelligent Information Technology. CIT 2004. Lecture Notes in Computer Science, vol 3356. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30561-3_24
DOI: https://doi.org/10.1007/978-3-540-30561-3_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24126-3
Online ISBN: 978-3-540-30561-3
eBook Packages: Computer Science (R0)