Network Traffic Anomaly Detection Based on Wavelet Analysis

Zhen Du; Lipeng Ma; Huakang Li; Qun Li; Guozi Sun; Zichang Liu

doi:10.1109/SERA.2018.8477230

Network Traffic Anomaly Detection Based on Wavelet Analysis

Zhen Du, Lipeng Ma, Huakang Li, Qun Li, Guozi Sun, Zichang Liu

Jiangsu Province Key Lab of Big Data Security and Intelligent Processing

Research output: Chapter in Book or Report/Conference proceeding › Conference Proceeding › peer-review

21 Citations (Scopus)

Abstract

Network traffic anomaly detection is an important research content in the field of network and security management. By analyzing network traffic, the health of the network environment can be intuitively evaluated. In particular, analyzing network traffic provides practical and effective guidance for identification and classification of anomaly. This paper proposes a network traffic anomaly detection method based on wavelet analysis for pcap files contain two different delay injections. The wavelet analysis can effectively extract information from the signal and is suitable for the detection of anomaly. Firstly, wavelet analysis is used to extract the waveform features, and then the support vector machine is used for classification. In particular, packet lengths in the pcap files is parsed out to form a sequence of packet lengths in chronological order. Then followed by the wavelet analysis based packet length sequence feature extraction and feature selection methods, the resulting eigenvectors are used as input features to support vector machine for training the classifier. Thus to differentiate the two types of anomaly in the mixed traffic with both normal and abnormal traffic. The qualitative and quantitative experimental results show that our approach achieves good classification results.

Original language	English
Title of host publication	Proceedings - 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, SERA 2018
Editors	Xiaohui Cui, Junfeng Wang, Zhi Jin, Zhengtao Yu, Shaowen Yao, Bing Luo
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	94-101
Number of pages	8
ISBN (Electronic)	9781538658864
DOIs	https://doi.org/10.1109/SERA.2018.8477230
Publication status	Published - 28 Sept 2018
Externally published	Yes
Event	16th IEEE/ACIS International Conference on Software Engineering Research, Management and Application, SERA 2018 - Kunming, China Duration: 13 Jun 2018 → 15 Jun 2018

Publication series

Name	Proceedings - 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, SERA 2018

Conference

Conference	16th IEEE/ACIS International Conference on Software Engineering Research, Management and Application, SERA 2018
Country/Territory	China
City	Kunming
Period	13/06/18 → 15/06/18

Keywords

Anomaly Detection
Feature Extraction
Network Traffic
Wavelet Analysis

Access to Document

10.1109/SERA.2018.8477230

Cite this

Du, Z., Ma, L., Li, H., Li, Q., Sun, G., & Liu, Z. (2018). Network Traffic Anomaly Detection Based on Wavelet Analysis. In X. Cui, J. Wang, Z. Jin, Z. Yu, S. Yao, & B. Luo (Eds.), Proceedings - 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, SERA 2018 (pp. 94-101). Article 8477230 (Proceedings - 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, SERA 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SERA.2018.8477230

Du, Zhen ; Ma, Lipeng ; Li, Huakang et al. / Network Traffic Anomaly Detection Based on Wavelet Analysis. Proceedings - 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, SERA 2018. editor / Xiaohui Cui ; Junfeng Wang ; Zhi Jin ; Zhengtao Yu ; Shaowen Yao ; Bing Luo. Institute of Electrical and Electronics Engineers Inc., 2018. pp. 94-101 (Proceedings - 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, SERA 2018).

@inproceedings{08bbb3744e0b408b9c584f67e3ece4a1,

title = "Network Traffic Anomaly Detection Based on Wavelet Analysis",

abstract = "Network traffic anomaly detection is an important research content in the field of network and security management. By analyzing network traffic, the health of the network environment can be intuitively evaluated. In particular, analyzing network traffic provides practical and effective guidance for identification and classification of anomaly. This paper proposes a network traffic anomaly detection method based on wavelet analysis for pcap files contain two different delay injections. The wavelet analysis can effectively extract information from the signal and is suitable for the detection of anomaly. Firstly, wavelet analysis is used to extract the waveform features, and then the support vector machine is used for classification. In particular, packet lengths in the pcap files is parsed out to form a sequence of packet lengths in chronological order. Then followed by the wavelet analysis based packet length sequence feature extraction and feature selection methods, the resulting eigenvectors are used as input features to support vector machine for training the classifier. Thus to differentiate the two types of anomaly in the mixed traffic with both normal and abnormal traffic. The qualitative and quantitative experimental results show that our approach achieves good classification results.",

keywords = "Anomaly Detection, Feature Extraction, Network Traffic, Wavelet Analysis",

author = "Zhen Du and Lipeng Ma and Huakang Li and Qun Li and Guozi Sun and Zichang Liu",

note = "Publisher Copyright: {\textcopyright} 2018 IEEE.; 16th IEEE/ACIS International Conference on Software Engineering Research, Management and Application, SERA 2018 ; Conference date: 13-06-2018 Through 15-06-2018",

year = "2018",

month = sep,

day = "28",

doi = "10.1109/SERA.2018.8477230",

language = "English",

series = "Proceedings - 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, SERA 2018",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "94--101",

editor = "Xiaohui Cui and Junfeng Wang and Zhi Jin and Zhengtao Yu and Shaowen Yao and Bing Luo",

booktitle = "Proceedings - 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, SERA 2018",

}

Du, Z, Ma, L, Li, H, Li, Q, Sun, G & Liu, Z 2018, Network Traffic Anomaly Detection Based on Wavelet Analysis. in X Cui, J Wang, Z Jin, Z Yu, S Yao & B Luo (eds), Proceedings - 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, SERA 2018., 8477230, Proceedings - 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, SERA 2018, Institute of Electrical and Electronics Engineers Inc., pp. 94-101, 16th IEEE/ACIS International Conference on Software Engineering Research, Management and Application, SERA 2018, Kunming, China, 13/06/18. https://doi.org/10.1109/SERA.2018.8477230

Network Traffic Anomaly Detection Based on Wavelet Analysis. / Du, Zhen; Ma, Lipeng; Li, Huakang et al.
Proceedings - 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, SERA 2018. ed. / Xiaohui Cui; Junfeng Wang; Zhi Jin; Zhengtao Yu; Shaowen Yao; Bing Luo. Institute of Electrical and Electronics Engineers Inc., 2018. p. 94-101 8477230 (Proceedings - 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, SERA 2018).

Research output: Chapter in Book or Report/Conference proceeding › Conference Proceeding › peer-review

TY - GEN

T1 - Network Traffic Anomaly Detection Based on Wavelet Analysis

AU - Du, Zhen

AU - Ma, Lipeng

AU - Li, Huakang

AU - Li, Qun

AU - Sun, Guozi

AU - Liu, Zichang

PY - 2018/9/28

Y1 - 2018/9/28

N2 - Network traffic anomaly detection is an important research content in the field of network and security management. By analyzing network traffic, the health of the network environment can be intuitively evaluated. In particular, analyzing network traffic provides practical and effective guidance for identification and classification of anomaly. This paper proposes a network traffic anomaly detection method based on wavelet analysis for pcap files contain two different delay injections. The wavelet analysis can effectively extract information from the signal and is suitable for the detection of anomaly. Firstly, wavelet analysis is used to extract the waveform features, and then the support vector machine is used for classification. In particular, packet lengths in the pcap files is parsed out to form a sequence of packet lengths in chronological order. Then followed by the wavelet analysis based packet length sequence feature extraction and feature selection methods, the resulting eigenvectors are used as input features to support vector machine for training the classifier. Thus to differentiate the two types of anomaly in the mixed traffic with both normal and abnormal traffic. The qualitative and quantitative experimental results show that our approach achieves good classification results.

AB - Network traffic anomaly detection is an important research content in the field of network and security management. By analyzing network traffic, the health of the network environment can be intuitively evaluated. In particular, analyzing network traffic provides practical and effective guidance for identification and classification of anomaly. This paper proposes a network traffic anomaly detection method based on wavelet analysis for pcap files contain two different delay injections. The wavelet analysis can effectively extract information from the signal and is suitable for the detection of anomaly. Firstly, wavelet analysis is used to extract the waveform features, and then the support vector machine is used for classification. In particular, packet lengths in the pcap files is parsed out to form a sequence of packet lengths in chronological order. Then followed by the wavelet analysis based packet length sequence feature extraction and feature selection methods, the resulting eigenvectors are used as input features to support vector machine for training the classifier. Thus to differentiate the two types of anomaly in the mixed traffic with both normal and abnormal traffic. The qualitative and quantitative experimental results show that our approach achieves good classification results.

KW - Anomaly Detection

KW - Feature Extraction

KW - Network Traffic

KW - Wavelet Analysis

UR - http://www.scopus.com/inward/record.url?scp=85055856040&partnerID=8YFLogxK

U2 - 10.1109/SERA.2018.8477230

DO - 10.1109/SERA.2018.8477230

M3 - Conference Proceeding

AN - SCOPUS:85055856040

T3 - Proceedings - 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, SERA 2018

SP - 94

EP - 101

BT - Proceedings - 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, SERA 2018

A2 - Cui, Xiaohui

A2 - Wang, Junfeng

A2 - Jin, Zhi

A2 - Yu, Zhengtao

A2 - Yao, Shaowen

A2 - Luo, Bing

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 16th IEEE/ACIS International Conference on Software Engineering Research, Management and Application, SERA 2018

Y2 - 13 June 2018 through 15 June 2018

ER -

Du Z, Ma L, Li H, Li Q, Sun G, Liu Z. Network Traffic Anomaly Detection Based on Wavelet Analysis. In Cui X, Wang J, Jin Z, Yu Z, Yao S, Luo B, editors, Proceedings - 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, SERA 2018. Institute of Electrical and Electronics Engineers Inc. 2018. p. 94-101. 8477230. (Proceedings - 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, SERA 2018). doi: 10.1109/SERA.2018.8477230

Network Traffic Anomaly Detection Based on Wavelet Analysis

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Cite this