A method based on discrete wavelet decomposition of traffic data and statistical processing algorithms based on the Fisher and Cochran criteria is proposed for detecting traffic anomalies in computer and telecommunication networks. Two sliding windows with two different threshold values are employed to reduce the level of false alerts. A high efficiency level of detection of abnormal traffic spikes is thus guaranteed. The paper likewise presents an algorithm developed for detecting DoS and DDoS attacks based on these statistical criteria. Software is developed in Matlab based on the proposed algorithm. Data sets made available by the Lincoln Laboratory of MIT (1999 DARPA Intrusion Detection Evaluation) were analyzed as the test sequence. Analysis of experimental results revealed that the ultimate test for detecting an attack is to check if any one of the statistical criteria exceeds the upper threshold at the stage of coefficient reconstruction.
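The following sketch illustrates the kind of detector the abstract describes; it is an added example, not the paper's Matlab software. The level-1 Haar transform, the window length, both threshold pairs, the grouping used for the Cochran statistic and the traffic series are all assumptions constructed for illustration, and the statistics are computed directly on detail coefficients rather than on reconstructed ones.

```python
import math
from statistics import variance

W = 8                      # window length in coefficients (assumed)
F_LO, F_HI = 3.0, 10.0     # Fisher thresholds (constructed, not from the paper)
C_LO, C_HI = 0.5, 0.9      # Cochran thresholds (constructed, not from the paper)

def haar_detail(x):
    """Level-1 Haar DWT detail coefficients of an even-length series."""
    return [(x[i] - x[i + 1]) / math.sqrt(2) for i in range(0, len(x) - 1, 2)]

def fisher(ref, cur):
    """Fisher F statistic: variance of the current window over the reference."""
    return variance(cur) / max(variance(ref), 1e-12)

def cochran(span, groups=4):
    """Cochran C statistic: largest group variance over the sum of all."""
    n = len(span) // groups
    v = [variance(span[i * n:(i + 1) * n]) for i in range(groups)]
    return max(v) / max(sum(v), 1e-12)

def classify(series):
    """Slide two adjacent windows over the coefficients; label each position."""
    d = haar_detail(series)
    out = {}
    for t in range(2 * W, len(d) + 1):
        ref, cur = d[t - 2 * W:t - W], d[t - W:t]
        f, c = fisher(ref, cur), cochran(ref + cur)
        if f > F_HI or c > C_HI:
            out[t] = "attack"      # any criterion above the upper threshold
        elif f > F_LO or c > C_LO:
            out[t] = "suspect"     # above the lower threshold only: no alert
        else:
            out[t] = "normal"
    return out

# Constructed sample: 96 packets/s readings with a periodic baseline,
# one benign bump at sample 20 and a flood over samples 64..79.
PATTERN = [0, 3, 5, 1, 2, 2, 4, 0]
FLOOD = [0, 400, 900, 100, 300, 1200, 50, 700,
         1000, 0, 200, 1500, 600, 100, 1300, 300]
TRAFFIC = [100 + PATTERN[i % 8] for i in range(96)]
TRAFFIC[20] += 20
for i, extra in enumerate(FLOOD):
    TRAFFIC[64 + i] += extra

if __name__ == "__main__":
    for t, label in classify(TRAFFIC).items():
        print(t, label)
```

On this constructed series the benign bump only crosses the lower thresholds and is held as "suspect", while the flood crosses an upper threshold as soon as its first coefficient enters the current window.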