In the last few years, the number and impact of security attacks over the Internet have been continuously increasing. Since it seems impossible to guarantee complete protection to a system by means of the "classical" prevention mechanisms, the use of Intrusion Detection Systems has emerged as a key element in network security. In this paper we address the problem considering a novel technique for detecting network anomalies. Our approach is based on the idea that an anomaly can cause an abrupt change in the quantity of information, associated to a given traffic descriptor. For this reason we propose a novel anomaly detection technique, based on a combined use of information theory and wavelet analysis.
Combining Wavelet Analysis and Information Theory for Network Anomaly Detection
CALLEGARI, CHRISTIAN;GIORDANO, STEFANO;PAGANO, MICHELE;
2011-01-01
Abstract
In the last few years, the number and impact of security attacks over the Internet have been continuously increasing. Since it seems impossible to guarantee complete protection to a system by means of the "classical" prevention mechanisms, the use of Intrusion Detection Systems has emerged as a key element in network security. In this paper we address the problem considering a novel technique for detecting network anomalies. Our approach is based on the idea that an anomaly can cause an abrupt change in the quantity of information, associated to a given traffic descriptor. For this reason we propose a novel anomaly detection technique, based on a combined use of information theory and wavelet analysis.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
