W Liu,HX Duan,P Ren,X Li,JP Wu

DOI: https://doi.org/10.1109/icmlc.2003.1264466

2003-01-01

Abstract:The phenomenal increase in the amounts of network security data are due to the hacker attacks, virus, worm and Slapper etc. Network security log databases are very important in intrusion detection and computer forensics. A lot of data mining methods to research it have been found. Fast and accurate retrievals for content-based queries are crucial for such numerous database systems to be useful. In this paper, a new method is provided to analyze and mine this kind of time-serial database. After signalize the NSD databases, we first represent a DWT wavelet transform analysis algorithm, then present two wavelet-based algorithms GET/spl I.bar/INDICES and QUERY for querying the complex and numerous NSD, and finally give the experimental result using these algorithms.

Sun Donghong,Shu Zhibiao,Liu Wu,Ren Ping,Wu Jian-Ping

DOI: https://doi.org/10.1260/1748-3018.8.1.59

2014-01-01

Journal of Algorithms & Computational Technology

Abstract:Data Analysis of Network Security is very important in intrusion detection and computer forensics. A lot of data mining methods to research it have been found, such as content-based queries and similarity searches to manage and use such data. Fast and accurate retrievals for content-based queries are crucial for such numerous data streams to be useful. In this paper, we apply wavelet transforms into network security to analyze and mine time-serial data streams for the detection of anomalous network security events. We first proposes a wavelet based data analysis framework for network security traffic, and signalize the data stream of network security (DSNS), then after de-noise of DSNS, we use wavelet based transforms to analyze the DSNS and get anomalous events for intrusion detection in computer network security. Experimental results show that, by using wavelet transform, we can decrease the noise signal and keep the useful signals of network security data streams to retrieve anomalous events effectively.

Lan Liu,Zhitang Li,Ling Xu,Huajun Chen

DOI: https://doi.org/10.1109/ICCCAS.2006.284970

2006-01-01

Abstract:As the rapid increase of network security events, network security monitoring and management on network behavior become more and more focused in the fields of computer science. This paper develops a kind of network security management framework using collection, analysis and integration, event-correlation and scenario-analysis technique to process the raw data gathered from hybrid network. Data-mining and wavelet technology are introduced into this framework, which can rapidly identify the types of security events from integrated information by using frequent episodes, wavelet and case-based reasoning. By these means, it can help to analyze the status of network security and then adjust the strategy to secure the network. We have implemented a prototype system following this framework, which can rapidly react to typical security events with visual output of result

XIAO Zheng-hong,PAN Mei-sen,YIN Hao

DOI: https://doi.org/10.3969/j.issn.1001-3695.2007.02.099

2007-01-01

Abstract:Network traffic is one of the key properties in LAN as well as WAN,by wavelet analysis,the complex traffic times series can be decomposed into different frequent components.Based on wavelet decomposed,the self-similar of traffic can be used to detect anomaly behavior of network,a method of detecting attacks based on the deviation of Hurst parameter is presented.The changes of Hurst parameter are analyzed and compared in different time scale.Result shows the proposed approach can detect the possible presence of not only an anomaly,but also its location on data set.

L Liu,Zt Li,Y Xu,Cg Mei,Xl Tan

DOI: https://doi.org/10.1109/scc.2005.19

2005-01-01

Abstract:This paper develops a wavelet based distributed ID model approach to analyses network traffic in detail. We adopt wavelet technique to analyze and model ID system to find the attack behavior in network. Our model can post attack characteristic more clearly and, by way of improve the veracity, we compare corresponding network node signals of wavelet decomposition. We simulate attacks and the model can detect attack more precisely than the previous model does.

WANG Yan,ZHANG Yue,HU Ming-zeng

DOI: https://doi.org/10.3969/j.issn.1672-0946.2006.06.016

2006-01-01

Abstract:The distributed denial-of-service(DDoS) leading to network traffic anomaly is growing rapidly.In this paper,a network traffic anomaly detection method based on wavelet transform is proposed.Network traffic is broken down into different frequency,and anomaly change of network traffic is detected through the high-frequency power analysis,that is the change of wavelet variance.In order to enhance the alarm veracity,a LRU Cache is used to filter the long-term flow and part of outburst flow is found.Experiments proved that it is viable attempt to analyze network traffic from the aspect of frequency.

Bo CHEN,Bin-Xing FANG,Xiao-Chun YUN

2007-01-01

Abstract:After many Internet-scale worm incidents in recent years, it is clear that a simple self-propagation worm can quickly spread across the Internet. And every worm incidents can cause severe damage to our society. So it is necessary to build a system that can detect the presence of worm as quickly as possible. This paper first analyzes the worm’s framework and its propagation model. Then, we describe a new monitoring algorithm. Based on the monitoring result, we present an adaptive method to detect un-known worm by using recursive least squares estimation. The experiment result proves that our approach can be effectively, quickly and robust to detect unknown worm.

Gang Chen,Dawei Zhao

DOI: https://doi.org/10.4304/jnw.8.9.2093-2100

2013-01-01

Abstract:This paper concentrates on the information security risk assessment model utilizing the improved wavelet neural network. The structure of wavelet neural network is similar to the multi-layer neural network, which is a feed-forward neural network with one or more inputs. Afterwards, we point out that the training process of wavelet neural networks is made up of four steps until the value of error function can satisfy a pre-defined error criteria. In order to enhance the quality of information security risk assessment, we proposed a modified version of wavelet neural network which can effectively combine all influencing factors in assessing information security risk by linear integrating several weights. Furthermore, the proposed wavelet neural network is trained by the BP algorithm with batch mode, and the weight coefficients of the wavelet are modified with the adopting mode. Finally, a series of experiments are conduct to make performance evaluation. From the experimental results, we can see that the proposed model can assess information security risk accurately and rapidly

Zong-Lin Li,Guang-Min Hu,Xingmiao Yao

DOI: https://doi.org/10.1109/icacia.2009.5361117

2009-01-01

Abstract:Distributed anomalous traffic is difficult to detect, since it is simultaneously dispersed in many links and tend to not present any obvious anomalous features in a single link. This paper proposed a multi-scale spatial detection method against distributed stealthy traffic anomaly, it can deploy early-stage detection on key nodes of network. Multi-scale wavelet packet analysis is performed separately on links at which information is available on each node, with the aim of getting abnormal frequency ranges at different time sections and reconstructing signals with anomalous features. Then from a spatial point of view, evaluate deviation degree of high dimension vectors that composed of reconstructions by kernel density estimation as anomaly indicator. Detection results on both real anomalies of American education backbone network and synthetic distributed anomalies shows, our method performs better than existing method.

Qianmei Wu,Fan Zhang,Shize Guo,Kun Yang,Haoting Shen

DOI: https://doi.org/10.1109/tc.2024.3416682

IF: 3.183

2024-01-01

IEEE Transactions on Computers

Abstract:As a common defense against side-channel attacks, random delay insertion introduces noise into the executive flow of encryption, which increases attack complexity. Accordingly, various techniques are exploited to mitigate the defense effect of such insertions. As an advanced mathematical technique, wavelet analysis is considered to be a more effective technology according to its detailed and comprehensive interpretation of signals. In this paper, we propose a unified and fully automated wavelet-based attack framework (denoted as UWAF), whose data processing is kept within one unified wavelet domain, with three enhanced components: denoising, alignment and key extraction. We put forward a new idea of combining machine learning with wavelet analysis to realize the full automation of the program for attack framework, rendering it possible to search exhaustively for the optimal combination of parameter settings in wavelet transform. Our proposal finds a new setting of wavelet parameters that have not been exploited ever before and achieves the performance enhancement for about 20 times fewer traces required for successful key recovery. UWAF is compared with several mainstream attack frameworks. Experimental results show that it outperforms those counterparts, and can be considered as an effective framework-level solution to defeat the countermeasure of random delay insertion.

Sheng Yan,Yu Chen,Yan Song,Minjie Zhu

DOI: https://doi.org/10.1088/1742-6596/1176/3/032052

2019-01-01

Journal of Physics Conference Series

Abstract:As an important part of modern IT infrastructure, network provides great convenience for people to exchange information and share resources. However, network still faces with many threats such as network virus, hacker attacks, data theft and tampering and so on. Network logs includes a lot of valuable information about all behaviours happened in the network. How to analyse these network log to enhance the security of network becomes consequently the focus of many researchers. In this paper, we first design three similarity functions between two network attack records to create the network attack sequences, and then present a PrefixSpan-based frequent attack sequence mining algorithm to identify all frequent attack sequences in network log. The experimental results show that the PrefixSpan-based frequent attack sequence mining algorithm has shorter executing time and less running space than the Apriori algorithm. The PrefixSpan-based frequent attack sequence mining algorithm provides a network log analysing method for intrusion detection.

Jun Gao,Hu Guangmin,Xingmiao Yao,Rocky K. C. Chang

DOI: https://doi.org/10.1109/APCC.2006.255840

2006-01-01

Abstract:The rapid and accurate detection of network traffic anomaly is one of the preconditions to guarantee the effective work of the network. Aiming at the deficiency of present methods of network traffic anomaly detection, we propose a scale-adaptive method based on wavelet packet. By means of wavelet packet decomposition, our method can adjust the decomposition process adaptively, has the same detective ability to the anomaly of various frequency, especially the middle and high frequency ones which can not be checked out by the multi-resolution analysis. By means of adaptive reconstruction of the wavelet packet coefficient of different wavelet domains which anomaly, our method is able to confirm the characteristics of anomaly and enhance the reliability of detection. The simulation results prove that the method can detect the network traffic anomaly efficiently

Jingcheng Zhao,Xiaomeng Li,Yaofu Cao,Junwen Liu,Junlu Yan,Chengwei Li

DOI: https://doi.org/10.1088/1742-6596/2078/1/012067

2021-11-01

Journal of Physics: Conference Series

Abstract:Abstract In recent years, international industrial control network security incidents have occurred frequently. As a core component of the industrial control field, intelligent power control systems are increasingly threatened by external network attacks. Based on the current research status of power industrial control network security, closely combining the development of active monitoring and defense technology in the public network field and the problems encountered by network security operators in actual work, this paper uses data mining methods to study the power control system network security situation awareness technology. Combing operational data collection and integrated processing, situation index screening and extraction, we use wavelet neural network analysis method to train the sampled data set, and finally calculate the true value of the network security status through deep intelligent learning. Finally, we conclude that the artificial intelligence algorithm based on wavelet neural network can be used for power control system network security situation awareness. In actual work, it can predict the situation value for a period of time in the future and assist network security personnel in judgment and decision-making.

Ping Ren,Wu Liu,Ke Liu,Donghong Sun

DOI: https://doi.org/10.1109/IWCDM.2011.36

2011-01-01

Abstract:As the flooding of malicious codes such as worms, how to analyze large number of malicious samples quickly and effectively becomes a great issue for researchers in network security. This paper proposed an analysis algorithm for worm network behavior based on event sequence, which uses the data flow recombination and compression methods to process the pure malicious data. With this algorithm, one can quickly extract the network behavior profile and the signature of the worm. The application of this algorithm will greatly improve the efficiency of analyzing the worm network behavior, which will be significant for the deployment of firewalls and network invasion detection systems.

Jiang Shan,Chen Changai

DOI: https://doi.org/10.2991/isrme-15.2015.109

2015-01-01

Abstract:The security of software applications, from web-based applications to mobile services, is always at risk because of the open society of internet. With the increase in the number of network throughput and security threats, intrusion detection system has attracted much attention in recent years. In this paper, we undertake the research on the principle techniques for network intrusion detection based on data mining and analysis approach. We adopt the prior knowledge on Bayesian network which is a directed acyclic graph, each node represents a random variable and an edge said direct probabilistic dependencies between two connected nodes. Then, we use the traditional risk assessment model to measure the possibility of being hearted. The numeric analysis and experimental illustration indicates the effectiveness of our method compared with other popular adopted state-of-the-art methodologies. In the future, we plan to introduce the graph and complex network theory into our prototype system to enhance the performance.

Dingde Jiang,Peng Zhang,Zhengzheng Xu,Cheng Yao,Wenda Qin

DOI: https://doi.org/10.1109/CIS.2011.222

2011-01-01

Abstract:Anomaly traffic often breaks out without any omen and brings a breakdown to networks in a short time, and thus the adaptive detection of anomalies in network traffic is an important and challenging task. In this paper, we propose a wavelet-based adaptive approach to detect anomalies in network traffic. We can use wavelet packet transform and continuous wavelet transform to perform the adaptive detect anomaly. First, wavelet packet transform is exploited to extract the anomaly characteristics on the different scales. Then continue wavelet transform is exploited to obtain the further anomaly information about network traffic. Simulation results show that our method is effective and feasible.

jing yuan,ruixi yuan,xi chen

DOI: https://doi.org/10.15837/ijccc.2014.1.870

IF: 2.635

2014-01-01

International Journal of Computers Communications & Control

Abstract:This paper proposes a novel detection engine, called the Wavelet-Recurrence-Clustering (WRC) detection model, to study the network anomaly detection problem that is widely attractive in Internet security area. The WRC model first applies the wavelet transform and recurrence analysis to calculate the multi-scale dynamic characteristics of network traffic, and then identifies network anomalies through the clustering algorithm with those dynamic characteristics. The evaluation results on DARPA 1999 dataset indicate that the WRC detection model can effectively improve the detection accuracy with a low false alarm

Yanping Zhang,Yang Xiao,Min Chen,Jingyuan Zhang,Hongmei Deng

DOI: https://doi.org/10.1002/sec.324

IF: 1.968

2012-01-01

Security and Communication Networks

Abstract:Network security is an important area in computer science. Although great efforts have already been made regarding security problems, networks are still threatened by all kinds of potential attacks, which may lead to huge damage and loss. Log files are main sources for security analysis. However, log files are not user friendly. It is laborious work to obtain useful information from log files. Compared with log files, visualization systems designed for security purposes provide more perceptive and effective sources for security analysis. Most security visualization systems are based on log files. In this paper, we provide a survey on visualization designs for computer network security. In this survey, we looked into different security visual analytics, and we organized them into five categories. Copyright © 2011 John Wiley & Sons, Ltd.

Jia Zhanpei,Shen Chao,Yi Xiao,Chen Yufei,Yu Tianwen,Guan Xiaohong

DOI: https://doi.org/10.1109/coase.2017.8256257

2017-01-01

CASE

Abstract:Log data are important audit basis to record routine events occurring on computer or network system, which are also critical data source for detecting system anomalies. By analyzing the data from multi-source logs, it is helpful to detect abnormal system behaviors and discover intruder attacks in real time. In this paper, a Spark-based log data security platform is designed and built to analyze the large-scale log data and detect abnormal network behaviors. By integrating data mining, machine learning, and statistical analysis technologies, our proposed framework can quickly analyze large-scale multi-source log data and accurately discriminate the abnormal behaviors. Furthermore, the association analysis is applied to detect abnormal behaviors or potential threats in the system. Under a real-world network environment, extensive experiments are conducted to evaluate the system performance, which can achieve a fast and accurate detection for abnormal network behaviors, and significantly improve the accuracies under various types of network attack scenarios.

Hu Zhengbing,Li Zhitang,Wu Junqi

DOI: https://doi.org/10.1109/wkdd.2008.48

2008-01-01

Abstract:Network security has been a very important issue, since the rising evolution of the Internet. There has been an increasing need for security systems against the external attacks from the hackers. One important type is the Intrusion Detection System (IDS). There are two major categories of the analysis techniques of IDS: the anomaly detection and the misuse detection. Here we forcus on misuse detection, the misuse detection collected the attack signatures in a database as the same as virus protection software to detect the relate attacks. we propose an algorithm to use the known signature to find the signature of the related attack quickly.