SNORT IDS HYBRID ADS PREPROCESSOR
Abstract
The paper presents a hybrid anomaly detection preprocessor for the SNORT IDS (Intrusion Detection System) [1] based on a statistical test and DWT (Discrete Wavelet Transform) coefficient analysis. The preprocessor extends the functionality of SNORT, and its two detection methods have complementary properties: using two different algorithms increases the chance of detecting network anomalies. SNORT captures network traffic features, which the ADS (Anomaly Detection System) preprocessor uses to detect anomalies. The chi-square statistical test and DWT subband coefficient energy values are used to compute normal network traffic profiles. We evaluated the proposed SNORT extension on a test network.
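As an added illustration (example code written for this page, not the paper's preprocessor), the following Python sketch shows the two profiling ideas the abstract names: a chi-square distance of a per-window feature vector from a learned normal profile, and Haar DWT subband energies of a traffic time series compared against a baseline. All traffic data are constructed; the feature set (packets, kilobytes, distinct destination ports, SYN segments per second), the threshold rule (mean plus three standard deviations of training scores) and the subband energy ratio factor are assumptions, not values from the paper.

```python
"""Toy hybrid anomaly scorer: chi-square profile distance + Haar DWT subband
energies. Added example for this page; not the paper's SNORT preprocessor."""
import math
from statistics import mean, pstdev

# Constructed training data (assumption, not from the paper): one feature
# vector per one-second window on a quiet network:
# (packets, kilobytes, distinct destination ports, SYN segments).
TRAIN = [
    (100, 80, 5, 10), (105, 85, 6, 12), (98, 78, 5, 9), (110, 90, 7, 11),
    (102, 82, 5, 10), (99, 79, 4, 9), (108, 88, 6, 12), (101, 81, 5, 10),
    (104, 84, 6, 11), (97, 77, 5, 9), (106, 86, 6, 11), (103, 83, 5, 10),
    (100, 80, 5, 10), (109, 89, 7, 12), (96, 76, 4, 9), (102, 82, 5, 10),
]

# Packets-per-second series for the DWT part: baseline is the first feature
# of TRAIN; the attack series has a constructed burst in seconds 8..11.
BASELINE_PPS = [w[0] for w in TRAIN]
ATTACK_PPS = BASELINE_PPS[:8] + [5000, 5200, 4800, 5100] + BASELINE_PPS[12:]


def build_profile(windows):
    """Normal profile: per-feature mean over the training windows."""
    n_feat = len(windows[0])
    return [mean(w[i] for w in windows) for i in range(n_feat)]


def chi_square(window, profile):
    """Chi-square distance of one window from the profile (sum of
    (observed - expected)^2 / expected over the features)."""
    return sum((x - m) ** 2 / m for x, m in zip(window, profile))


def chi_square_threshold(windows, profile, k=3.0):
    """Assumed alarm threshold: mean + k * std of the training scores."""
    scores = [chi_square(w, profile) for w in windows]
    return mean(scores) + k * pstdev(scores)


def score_window(window, profile, threshold):
    """Chi-square verdict for one window: (score, is_anomalous)."""
    s = chi_square(window, profile)
    return s, s > threshold


def haar_energies(series, levels):
    """Energies of each Haar DWT detail subband (level 1..levels) followed
    by the energy of the final approximation band."""
    approx = [float(x) for x in series]
    energies = []
    for _ in range(levels):
        if len(approx) % 2:           # pad odd lengths by repeating the last sample
            approx.append(approx[-1])
        pairs = list(zip(approx[0::2], approx[1::2]))
        detail = [(a - b) / math.sqrt(2) for a, b in pairs]
        approx = [(a + b) / math.sqrt(2) for a, b in pairs]
        energies.append(sum(d * d for d in detail))
    energies.append(sum(a * a for a in approx))
    return energies


def dwt_alarm(series, baseline_series, levels=3, factor=4.0):
    """True when any subband's energy exceeds `factor` times the baseline's
    energy in the same subband (factor is an assumed tuning parameter)."""
    cur = haar_energies(series, levels)
    base = haar_energies(baseline_series, levels)
    return any(c > factor * max(b, 1e-9) for c, b in zip(cur, base))


if __name__ == "__main__":
    profile = build_profile(TRAIN)
    thr = chi_square_threshold(TRAIN, profile)
    for w in [(101, 81, 5, 10), (5000, 300, 900, 4800)]:
        print("chi-square", w, score_window(w, profile, thr))
    print("dwt alarm, baseline:", dwt_alarm(BASELINE_PPS, BASELINE_PPS))
    print("dwt alarm, burst   :", dwt_alarm(ATTACK_PPS, BASELINE_PPS))
```

The two detectors look at different things: the chi-square score reacts to a single window whose feature mix deviates from the profile, while the subband energies react to how the series changes over time, so a burst that is short relative to the window size shows up mainly in the fine-scale detail bands. In a real deployment the profile and baseline would be rebuilt periodically from traffic SNORT has already classified as clean.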
References
[1] SNORT IDS, http://www.snort.org/
[2] N. Ye, Q. Chen, S.M. Emran, "Chi-squared statistical profiling for anomaly detection," In Proc. IEEE SMC Inform. Assurance Security Workshop, West Point, pp. 182-188, 2000.
[3] A. Scherrer, N. Larrieu, P. Owezarski, P. Borgnat, P. Abry, "Non-Gaussian and Long Memory Statistical Characterizations for Internet Traffic with Anomalies," IEEE Trans. on Dependable and Secure Computing, Vol. 4, No. 1, 2007.
[4] M. Choraś, Ł. Saganowski, R. Renk, W. Hołubowicz, "Statistical and signal-based network traffic recognition for anomaly detection," Expert Systems, Vol. 29, No. 3, pp. 232-245, July 2012.
[5] N. Ye, X. Li, Q. Chen, S. Masum Emran, M. Xu, "Probabilistic techniques for intrusion detection based on computer audit data," IEEE Trans. on Systems, Man and Cybernetics, Part A: Systems and Humans, Vol. 31, No. 4, 2001.
[6] A. Dainotti, A. Pescapé, G. Ventre, "Wavelet-based Detection of DoS Attacks," IEEE GLOBECOM, San Francisco (CA, USA), Nov 2006.
[7] L. Wei, A. Ghorbani, "Network Anomaly Detection Based on Wavelet Analysis," EURASIP Journal on Advances in Signal Processing, Vol. 2009, Art. ID 837601, 16 pages, doi:10.1155/2009/837601, 2009.
[8] A. Grossmann, J. Morlet, "Decompositions of Functions into Wavelets of Constant Shape, and Related Transforms," Mathematics and Physics: Lectures on Recent Results, L. Streit (ed.), 1985.
[9] W. Sweldens, "The Lifting Scheme: A Custom-Design Construction of Biorthogonal Wavelets," Applied and Computational Harmonic Analysis, Vol. 3, No. 15, pp. 186-200, 1996.
[10] A. Lakhina, M. Crovella, C. Diot, "Characterization of network-wide anomalies in traffic flows," In Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement, pp. 201-206, 2004.
[11] BackTrack Linux, http://www.backtrack-linux.org/
[12] Metasploit Framework, http://www.metasploit.com