Premium
Statistical and signal‐based network traffic recognition for anomaly detection
Author(s) -
Choraś Michał,
Saganowski Łukasz,
Renk Rafał,
Hołubowicz Witold
Publication year - 2012
Publication title -
expert systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.365
H-Index - 38
eISSN - 1468-0394
pISSN - 0266-4720
DOI - 10.1111/j.1468-0394.2010.00576.x
Subject(s) - computer science , anomaly detection , signal (programming language) , anomaly (physics) , pattern recognition (psychology) , artificial intelligence , data mining , speech recognition , programming language , physics , condensed matter physics
In this paper, a framework for recognizing network traffic in order to detect anomalies is proposed. We propose to combine and correlate parameters from different layers in order to detect 0‐day attacks and reduce false positives. Moreover, we propose to combine statistical and signal‐based features. The major contribution of this paper is novel framework for network security based on the correlation approach as well as new signal‐based algorithm for intrusion detection on the basis of the Matching Pursuit (MP) algorithm. As to our best knowledge, we are the first to use MP for intrusion and anomaly detection in computer networks. In the presented experiments, we proved that our solution gives better results than intrusion detection based on discrete wavelet transform.