Network traffic anomaly detection using weighted self-similarity based on EMD
- Resource Type
- Conference
- Authors
- Han, Jieying; Zhang, James Z.
- Source
- 2013 Proceedings of IEEE Southeastcon Southeastcon, 2013 Proceedings of IEEE. :1-5 Apr, 2013
- Subject
- Computing and Processing
Communication, Networking and Broadcast Technologies
Components, Circuits, Devices and Systems
Signal Processing and Analysis
Robotics and Control Systems
Testing
Empirical mode decomposition
Security
Wavelet transforms
Real-time systems
Time series analysis
Network traffic
Anomaly detection
Weighted self-similarity
Empirical Mode Decomposition (EMD)
Intrinsic Mode Function (IMF)
- Language
- ISSN
- 1091-0050
1558-058X
Network traffic anomaly detection is an important part in network security. Identifying abnormal activities in a timely manner has been a demand in network anomaly detection. Conventional detection methods include Hurst parameter method, wavelet transform and Markov model. This article proposes a new method using weighted self-similarity parameter to detect abnormal activities over the internet. By performing a real-time Empirical Mode Decomposition (EMD) on the network traffic, we calculate the weighted self-similarity parameter based on the first Intrinsic Mode Function to analyze and detect suspicious activities. This approach provides the benefits of faster and accurate detection, as well as low computational cost.