A Novel Network Traffic Anomaly Detection Based on Multi-Scale Fusion


Abstract:

Detecting anomalies in network traffic is very important for network security, but existing detectors have a high false alarm rate and a low detection rate, and cannot perform real-time detection on backbone links well, because traffic is nonlinear, nonstationary and self-similar. We therefore propose a novel detection method, EMD-DS, and prove that applying empirical mode decomposition (EMD) before detection reduces the mean error rate of anomaly detection efficiently. On the KDD CUP 1999 intrusion detection evaluation data set, this detector detects 85.1% of attacks at a low false alarm rate, which is better than some other systems.


Info:

Pages: 102-105

Online since: February 2011

Copyright: © 2011 Trans Tech Publications Ltd. All Rights Reserved
