DOI: 10.1145/2093698.2093767
research-article

Combining wavelet analysis and information theory for network anomaly detection

Published: 26 October 2011

Abstract

In the last few years, the number and impact of security attacks over the Internet have been continuously increasing. Since it seems impossible to guarantee complete protection of a system by means of the "classical" prevention mechanisms, the use of Intrusion Detection Systems has emerged as a key element in network security.
In this paper we address the problem with a novel technique for detecting network anomalies. Our approach is based on the idea that an anomaly can cause an abrupt change in the quantity of information associated with a given traffic descriptor. For this reason we propose a novel anomaly detection technique based on a combined use of information theory and wavelet analysis.
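
The idea in the abstract, sketched as an added example (not the authors' implementation, whose details this page does not give). Assumptions made here: the traffic descriptor is the destination port, the quantity of information is Shannon entropy per time bin, the wavelet is the finest-scale Haar detail, the threshold factor `k` is arbitrary, and the sample traffic is constructed.

```python
import math
from collections import Counter
from statistics import median

def shannon_entropy(values):
    """Entropy in bits of the empirical distribution of a descriptor in one time bin."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def haar_details(series):
    """Finest-scale undecimated Haar detail: d[t] = (x[t] - x[t-1]) / sqrt(2)."""
    return [(series[t] - series[t - 1]) / math.sqrt(2) for t in range(1, len(series))]

def entropy_jumps(bins, k=5.0, min_sigma=1e-9):
    """Indices of bins whose entropy changes abruptly relative to the previous bin."""
    if len(bins) < 2:
        return []
    entropy = [shannon_entropy(b) for b in bins]
    details = haar_details(entropy)
    # Robust noise scale from the detail coefficients (median absolute value / 0.6745),
    # so that the anomaly itself does not inflate the threshold.
    sigma = max(median(abs(d) for d in details) / 0.6745, min_sigma)
    return [t + 1 for t, d in enumerate(details) if abs(d) > k * sigma]

def sample_bins(anomalous_bin=6, n=12):
    """Constructed data: destination ports observed in n equal time bins."""
    bins = []
    for i in range(n):
        # Ordinary mix with a small bin-to-bin variation in the port 443 share.
        ports = [80] * 40 + [443] * (40 + i % 3) + [53] * 15 + [22] * 5
        if i == anomalous_bin:
            ports += [80] * 400  # one port suddenly dominates: entropy collapses
        bins.append(ports)
    return bins

if __name__ == "__main__":
    # Flags the bin where the change starts and the bin where traffic returns to normal.
    print(entropy_jumps(sample_bins()))
```

The detector reports both edges of the event because the detail coefficient responds to change, not to level; a deployment would pair the two edges to recover the anomalous interval.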


Cited By

  • Multiscale Energy Network Tomography. 2022 IFIP Networking Conference (IFIP Networking), pages 1-9, 2022. DOI: 10.23919/IFIPNetworking55013.2022.9829766. Online publication date: 13-Jun-2022
  • DWT in P4: Periodicity Detection in the Data Plane. GLOBECOM 2022 - 2022 IEEE Global Communications Conference, pages 6343-6348, 2022. DOI: 10.1109/GLOBECOM48099.2022.10000755. Online publication date: 4-Dec-2022


Published In

ISABEL '11: Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies
October 2011
949 pages
ISBN:9781450309134
DOI:10.1145/2093698

Sponsors

  • Universitat Pompeu Fabra
  • IEEE
  • Technical University of Catalonia (UPC), Spain
  • River Publishers
  • CTTC: Technological Center for Telecommunications of Catalonia
  • CTIF: Kyranova Ltd, Center for TeleInFrastruktur

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. anomaly detection
  2. sketches
  3. wavelet analysis

Qualifiers

  • Research-article
