Combining sketch and wavelet models for anomaly detection

Statistics-based anomaly detections have been studied and implemented widely due to their potential to discover unseen anomalies. Several data analyzing techniques such as Wavelet have been successfully applied to this field of research. Wavelet analysis is one of the popular techniques that can be used to extract unusual patterns hidden within time-series data. When combined with the powerful data summarization technique like sketch, it could be able to detection significant changes in network data without any prior knowledge about the targeted traffic. In this paper, we study the anomaly detection approach based on the combination of random projection (sketch) and wavelet analysis. We apply our proposed algorithm to the traffic traces collected on the trans-Pacific transit backbone link (MAWI dataset), and compare it with other algorithms, and the port heuristic methodology. The experimental results show that our algorithm can detect and identify a large number of anomalous traffic that are, for example, associated with some malware activities. Moreover, our proposed algorithm is also capable of detecting low-intensity anomalies as well as some types of malicious traffic that cannot be identified by the traditional wavelet analysis.