Network Anomaly Detection Based on Wavelet Analysis

Signal processing techniques have been applied recently for analyzing and detecting network anomalies due to their potential to find novel or unknown intrusions. In this paper, the authors propose a new network signal modeling technique for detecting network anomalies, combining the wavelet approximation and system identification theory. In order to characterize network traffic behaviors, they present fifteen features and use them as the input signals in their system. They then evaluate their approach with the 1999 DARPA intrusion detection dataset and conduct a comprehensive analysis of the intrusions in the dataset.