S. Ezekiel, W. Oblitey, and R. Trimble (USA)
Network, Packet, Intrusion Detection, Entropy, Multiresolution Analysis (MRA), and Signal Analysis
Over the past decade, network security has become a rising concern. The major threats are often caused by malicious users or hackers. These intruders gather information about host computers and use it to access the network. It is important to monitor the network and detect any unauthorized entry as well as damage caused by such intrusive network traffic. Proper implementation of a network intrusion detection system can play a vital role protecting the network. Our goal is to develop a robust analysis engine which is the heart of a network intrusion detection system. The first stage in developing this engine is to analyze the network traffic. In this paper, we present a new approach for traffic analysis based on wavelet signal processing. As a basis for analysis, we use entropy as an estimator on a network signal consisting of a sequence of packets. We tested our method using data obtained from networks under simulated traffic of various types and different categories. The results show that our method can easily identify bandwidth-consumption and resource-starvation attacks. Since our method is simple and effective it can be used in real time processing.
Important Links:
Go Back