Combining Wavelet Analysis and CUSUM Algorithm for Network Anomaly Detection
In recent years, CUSUM-based algorithms have emerged as a good basis for developing efficient systems able to detect anomalies and attacks in network traffic. Nevertheless, such techniques are still far from providing an ideal solution to the problem, mainly because of the huge number of false alarms that characterizes such approaches. For this reason, in this paper the authors propose a novel detection method based on the combined use of the CUSUM algorithm and wavelet analysis. As the obtained results show, introducing wavelet analysis allows them to strongly reduce the false alarm rate of the "classical" methods while still retaining excellent performance in the detection of network anomalies.