ON TUNING REDUNDANT DICTIONARY PARAMETERS IN SIGNAL-BASED ANOMALY DETECTION SYSTEM
In our previous work innovative recognition algorithm applied to Anomaly Detection System has been presented. We proposed to use Matching Pursuit Mean Projection (MP-MP) of the reconstructed network signal to recognize anomalies in network traffic. In this paper we focus on evaluation of parameters of the redundant dictionary used in our methodology. In the experimental section we present the results of tuning the parameters of the redundant dictionary used in our system.
L. Saganowski, M. Choras, R. Renk, W. Holubowicz, A Novel Signal-Based Approach to Anomaly Detection in IDS Systems, M. Kolehmainen et al. (Eds.): Adaptive and Natural Computing Algorithms, ICANNGA 2009, LNCS 5495, pp.527536, Springer 2009
M. Choras, L. Saganowski, R. Renk, R. Kozik, W. Holubowicz, Recognizing Anomalies/Intrusions in Heterogeneous Networks, in M.Kurzynski and M.Wozniak (Eds.): Computer Recognition Sys. 3, AISC 57, pp. 619-627, Springer-Verlag, 2009
L. Saganowski, M. Choras, R. Renk, W. Holubowicz, Anomaly Detection System based on Redundant Dictionary of Base Functions, In: Image Processing and Communications Challenges, 443-449, EXIT, 2009
S. Mallat and Zhang, Matching Pursuit with time-frequency dictionaries, IEEE Transactions on Signal Processing, vol.41, no 12, pp. 3397-3415, Dec 1993
J. A. Troop, Greed is Good: Algorithmic Results for Sparse Approximation, IEEE Transactions on Information Theory, vol. 50, no. 10, October 2004
R. Gribonval, Fast Matching Pursuit with a Multiscale Dictionary of Gaussian Chirps, IEEE Transactions on Signal Processing, vol. 49, no. 5, may 2001.
P. Jost, P. Vandergheynst and P. Frossard, Tree-Based Pursuit: Algorithm and Properties, Swiss Federal Institute of Technology Lausanne (EPFL), Signal Processing Institute Technical Report, TR-ITS2005.013, May 17th, 2005
E. Kajan, Information technology encyclopedia and acronyms, Springer, Berlin Heidelberg, New York, 2002
WIDE Project: MAWI Working Group Traffic Archive at tracer.csl.sony.co.jp/mawi/
The CAIDA Dataset on the Witty Worm - March 19-24, 2004, Colleen Shanon and David Moore, www.caida.org/passive/witty.
L. Coppolino, S. DAntonio, M. Esposito, and L. Romano, Exploiting diversity and correlation to improve the performance of intrusion detection systems, Proc of IFIP/IEEE International Conference on Network and Service, 2009.