Wavelet based detection of network traffic anomalies

Abstract

Computer Networks can be considered as an important component of today’s human life. Since data and information of various organizations and companies are transferred through private and public networks such as global internet network, thus special attention to the security parameters of these networks has emerged and is even increasing progressively. In order to increase the security of these networks, tools such as firewalls and intrusion detection systems (IDS) are used. [1] An intrusion detection system (IDS) generally detects unwanted manipulations to computer systems, mainly through Internet. These manipulations may take the form of attacks by hackers. [5] In this thesis, signal processing techniques are applied to intrusion detection systems, and a framework for real time wavelet-based analysis of network traffic anomalies is developed and implemented. A metric, namely percentage deviation to evaluate the detection parameters is used. Using these detection parameters, which are the processed wavelet coefficients, a decision for an instance is made and therefore an alert is generated if there is some anomalous state. The motivation for this work is to justify the assumptions that wavelets can be used to develop a real time network intrusion detection system. Using the KDD Data Set anomalies are aimed to be detected in short time periods. We believe that this knowledge could indeed be useful in developing such an intrusion detection system, as the achieved anomaly detection ratio in this thesis work is very satisfactory.