Network traffic anomaly detection using weighted self-similarity based on EMD

Author

Jieying Han ; Zhang, James Z.

Author_Institution

Kimmel Sch., Dept. of Eng. & Technol., Western Carolina Univ., Cullowhee, NC, USA

fYear

2013

fDate

4-7 April 2013

Firstpage

1

Lastpage

5

Abstract

Network traffic anomaly detection is an important part in network security. Identifying abnormal activities in a timely manner has been a demand in network anomaly detection. Conventional detection methods include Hurst parameter method, wavelet transform and Markov model. This article proposes a new method using weighted self-similarity parameter to detect abnormal activities over the internet. By performing a real-time Empirical Mode Decomposition (EMD) on the network traffic, we calculate the weighted self-similarity parameter based on the first Intrinsic Mode Function to analyze and detect suspicious activities. This approach provides the benefits of faster and accurate detection, as well as low computational cost.

Keywords

Internet; Markov processes; computer network security; telecommunication traffic; wavelet transforms; EMD; Hurst parameter method; Internet; Markov model; abnormal activities identification; empirical mode decomposition; intrinsic mode function; network security; network traffic anomaly detection; suspicious activities analysis; suspicious activities detection; wavelet transform; weighted self-similarity parameter; Empirical mode decomposition; Real-time systems; Security; Testing; Time series analysis; Wavelet transforms; Anomaly detection; Empirical Mode Decomposition (EMD); Intrinsic Mode Function (IMF); Network traffic; Weighted self-similarity;

fLanguage

English

Publisher

ieee

Conference_Titel

Southeastcon, 2013 Proceedings of IEEE

Conference_Location

Jacksonville, FL

ISSN

1091-0050

Print_ISBN

978-1-4799-0052-7

Type

conf

DOI

10.1109/SECON.2013.6567395

Filename

6567395