Title :
Network traffic anomaly detection using weighted self-similarity based on EMD
Author :
Jieying Han ; Zhang, James Z.
Author_Institution :
Kimmel Sch., Dept. of Eng. & Technol., Western Carolina Univ., Cullowhee, NC, USA
Abstract :
Network traffic anomaly detection is an important part in network security. Identifying abnormal activities in a timely manner has been a demand in network anomaly detection. Conventional detection methods include Hurst parameter method, wavelet transform and Markov model. This article proposes a new method using weighted self-similarity parameter to detect abnormal activities over the internet. By performing a real-time Empirical Mode Decomposition (EMD) on the network traffic, we calculate the weighted self-similarity parameter based on the first Intrinsic Mode Function to analyze and detect suspicious activities. This approach provides the benefits of faster and accurate detection, as well as low computational cost.
Keywords :
Internet; Markov processes; computer network security; telecommunication traffic; wavelet transforms; EMD; Hurst parameter method; Internet; Markov model; abnormal activities identification; empirical mode decomposition; intrinsic mode function; network security; network traffic anomaly detection; suspicious activities analysis; suspicious activities detection; wavelet transform; weighted self-similarity parameter; Empirical mode decomposition; Real-time systems; Security; Testing; Time series analysis; Wavelet transforms; Anomaly detection; Empirical Mode Decomposition (EMD); Intrinsic Mode Function (IMF); Network traffic; Weighted self-similarity;
Conference_Titel :
Southeastcon, 2013 Proceedings of IEEE
Conference_Location :
Jacksonville, FL
Print_ISBN :
978-1-4799-0052-7
DOI :
10.1109/SECON.2013.6567395
