
Network Intrusion Detection Using Wavelet Analysis

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3356)

Abstract

The inherent presence of self-similarity in network (LAN, Internet) traffic motivates the use of wavelets to study its ‘burstiness’ features. Inspired by methods that treat the self-similarity property of data network traffic as normal behaviour and any deviation from it as anomalous behaviour, we propose a method for anomaly-based network intrusion detection. Making use of the relations present among the wavelet coefficients of a self-similar function in a different way, our method determines not only the possible presence of an anomaly, but also its location in the data. We provide empirical results on the KDD data set to justify our approach.

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rawat, S., Sastry, C.S. (2004). Network Intrusion Detection Using Wavelet Analysis. In: Das, G., Gulati, V.P. (eds) Intelligent Information Technology. CIT 2004. Lecture Notes in Computer Science, vol 3356. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30561-3_24

  • DOI: https://doi.org/10.1007/978-3-540-30561-3_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24126-3

  • Online ISBN: 978-3-540-30561-3

  • eBook Packages: Computer Science, Computer Science (R0)
