• ŁUKASZ SAGANOWSKI Institute of Telecommunications, University of Technology & Life Sciences in Bydgoszcz ul. Kaliskiego 7, 85-789
  • TOMASZ ANDRYSIAK Institute of Telecommunications, University of Technology & Life Sciences in Bydgoszcz ul. Kaliskiego 7, 85-789


The paper presents hybrid anomaly detection preprocessor for SNORT IDS - Intrusion Detection System [1] base on statistical test and DWT - Discrete Wavelet Transform coefficient analysis. Preprocessor increases functionality of SNORT IDS system and has complementary properties. Possibility of detection network anomalies is increased by using two different algorithms. SNORT captures network traffic features which are used by ADS (Anomaly Detection System) preprocessor for detecting anomalies. Chi-square statistical test and DWT subband coefficients energy values are used for calculating of normal network traffic profiles. We evaluated proposed SNORT extension with the use of test network.


SNORT IDS http://

N. Ye, Q. Chen, S.M. Emran, ”Chi-squared statistical

profiling for anomaly detection,” In Proc. IEEE

SMC Inform. Assurance Security Workshop, West

Point, pp. 182-188, 2000

A. Scherrer, N. Larrieu, P. Owezarski, P. Borgant,

P. Abry, Non-Gaussian and Long Memory Statistical

Characterizations for Internet Traffic with

Anomalies, IEEE Trans. On Dependable and Secure

Computing, Vol. 4 No. 1, 2007

M. Chora´s, Ł. Saganowski, R. Renk, W. Hołubowicz,

Statistical and signal-based network traffic

recognition for anomaly detection, In: Expert Systems,

Vol. 29, No. 3, pp. 232-245, July 2012

N. Ye,X. Li, Q. Chen,S. Masum Emran, M. Xu,

Probabilistic techniques for intrusion detection

based on computer audit data, IEEE Trans. On Systems,

Man and Cybernetics-Part A: Systems and

Humans, Vol. 31, No. 4, 2001

A. Dainotti, A. Pescape, G. Ventre, Wavelet-based

Detection of DoS Attacks, IEEE GLOBECOM -

Nov 2006, San Francisco (CA, USA), 2006

L. Wei, A. Ghorbani, Network Anomaly

Detection Based on Wavelet Analysis, In

EURASIP Journal on Advances in Signal Processing,

Vol. 2009, Art.ID 837601, 16 pages,

doi:10.1155/2009/837601, 2009

A. Grossman,J. Morlet, Decompositions of Functions

into Wavelets of Constant Shape, and Related

Transforms, Mathematics and Physics: Lectures an

Recent Results, L. Streit, 1985

W. Sweldens, The Lifting Scheme: A Custom-

Design Construction of Biorthogonal Wavelets,

Applied and Computational Harmonic Analysis,

Vol. 3, No. 15, pp. 186-200, 1996

A. Lakhina, M. Crovella, CH. Diot, Characterization

of network-wide anomalies in traffic flows, In

Proceedings of the 4th ACM SIGCOMM conference

on Internet measurement, pp. 201-206, 2004

BackTrack Linux http://www.backtrack-linux.


Metasploit Framework http://www.metasploit.







Most read articles by the same author(s)