WAVE-CUSUM: Improving CUSUM performance in network anomaly detection by means of wavelet analysis
详细信息 查看全文
- 作者:C. Callegari ; christian.callegari@iet.unipi.it ; [Author Vitae] ; S. Giordano stefano.giordano@iet.unipi.it ; [Author Vitae] ; M. Pagano michele.pagano@iet.unipi.it ; [Author Vitae] ; T. Pepe teresa.pepe@iet.unipi.it ; [Author Vitae]
- 关键词:Network security ; Intrusion detection system ; Network anomaly detection ; CUSUM ; Wavelet analysis
- 刊名:Computers and Security
- 出版年:2012
- 出版时间:July, 2012
- 年:2012
- 卷:31
- 期:5
- 页码:727-735
- 全文大小:452 K
文摘
The increasing number of network attacks causes growing problems for network operators and users. Thus, detecting anomalous traffic is of primary interest in IP networks management and many detection techniques, able to promptly reveal and identify network attacks, mainly detecting Heavy Changes in the network traffic, have been proposed. Among these, one of the most promising approach is based on the use of the CUSUM (CUmulative SUM). Nonetheless, CUSUM performance is strongly affected by its sensitivity to the presence of seasonal trends in the considered data.
For this reason, in this paper we propose a novel detection method based on the idea of performing a pre-processing stage of the data by means of wavelets, aimed at filtering out such trends, before applying the CUSUM algorithm.
The performance analysis, presented in the paper, demonstrates the efficiency of the proposed method, focusing on the performance improvements due to the pre-processing stage.