Abstract
In the last few years, the number and impact of security attacks over the Internet have been continuously increasing. Since it seems impossible to guarantee complete protection to a system by means of the “classical” prevention mechanisms, the use of Intrusion Detection Systems (IDSs) has emerged as a key element in network security. In this paper we address the problem by considering different methods, based on the Wavelet Packet Transform, for detecting anomalies in network traffic, taking into account both the best basis and the values of the transformed coefficients.
The performance comparison among the different solutions shows that very little information about network anomalies is carried by the best basis selection, while the “distance” between the transformed coefficients leads to very interesting results, highlighting the effectiveness of the proposed approaches.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Callegari, C., Giordano, S., Pagano, M. (2008). Application of Wavelet Packet Transform to Network Anomaly Detection. In: Balandin, S., Moltchanov, D., Koucheryavy, Y. (eds) Next Generation Teletraffic and Wired/Wireless Advanced Networking. NEW2AN 2008. Lecture Notes in Computer Science, vol 5174. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85500-2_22
DOI: https://doi.org/10.1007/978-3-540-85500-2_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85499-9
Online ISBN: 978-3-540-85500-2
eBook Packages: Computer Science, Computer Science (R0)