
Anomaly Detection Preprocessor for SNORT IDS System

  • Conference paper

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 184)

Summary

In this paper we propose an anomaly detection preprocessor for the SNORT Intrusion Detection System (IDS) [1], based on probabilistic and signal processing algorithms working in parallel. Running two different algorithms increases the probability of detecting anomalies in network traffic. The preprocessor uses 25 network traffic features to detect anomalies. It calculates the Chi-square test statistic and the energy of the Discrete Wavelet Transform (DWT) subband coefficients. The usability of the proposed SNORT extension was evaluated in a local area network.


References

  1. SNORT IDS, http://www.snort.org/

  2. Ye, N., Chen, Q., Emran, S.M.: Chi-squared statistical profiling for anomaly detection. In: Proc. IEEE SMC Inform. Assurance Security Workshop, West Point, pp. 182–188 (2000)

  3. Scherrer, A., Larrieu, N., Owezarski, P., Borgant, P., Abry, P.: Non-Gaussian and Long Memory Statistical Characterizations for Internet Traffic with Anomalies. IEEE Trans. on Dependable and Secure Computing 4(1) (2007)

  4. Choraś, M., Saganowski, Ł., Renk, R., Hołubowicz, W.: Statistical and signal-based network traffic recognition for anomaly detection. Expert Systems: The Journal of Knowledge Engineering (2011), doi:10.1111/j.1468-0394.2010.00576.x

  5. Ye, N., Li, X., Chen, Q., Masum Emran, S., Xu, M.: Probabilistic techniques for intrusion detection based on computer audit data. IEEE Trans. on Systems, Man and Cybernetics-Part A: Systems and Humans 31(4) (2001)

  6. Dainotti, A., Pescape, A., Ventre, G.: Wavelet-based Detection of DoS Attacks. In: IEEE GLOBECOM, San Francisco, CA, USA (November 2006)

  7. Wei, L., Ghorbani, A.: Network Anomaly Detection Based on Wavelet Analysis. EURASIP Journal on Advances in Signal Processing, Article ID 837601, 16 pages (2009), doi:10.1155/2009/837601

  8. Grossman, A., Morlet, J.: Decompositions of Functions into Wavelets of Constant Shape, and Related Transforms. Mathematics and Physics: Lectures on Recent Results, L. Streit (1985)

  9. Sweldens, W.: The Lifting Scheme: A Custom-Design Construction of Biorthogonal Wavelets. Applied and Computational Harmonic Analysis 3(15), 186–200 (1996)

  10. Lakhina, A., Crovella, M., Diot, C.H.: Characterization of network-wide anomalies in traffic flows. In: Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement, pp. 201–206 (2004)

  11. BackTrack Linux, http://www.backtrack-linux.org/


Corresponding author

Correspondence to Łukasz Saganowski.


Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Saganowski, Ł., Goncerzewicz, M., Andrysiak, T. (2013). Anomaly Detection Preprocessor for SNORT IDS System. In: Choraś, R. (eds) Image Processing and Communications Challenges 4. Advances in Intelligent Systems and Computing, vol 184. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32384-3_28


  • DOI: https://doi.org/10.1007/978-3-642-32384-3_28

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-32383-6

  • Online ISBN: 978-3-642-32384-3

  • eBook Packages: Engineering, Engineering (R0)
