1732-3916
Incoherent Dictionary Learning for Sparse Representation in Network Anomaly Detection
Andrysiak
Tomasz
author
Saganowski
Łukasz
author
UTP University of Science and Technology Institute of Telecommunications
Correspondence to: Tomasz Andrysiak tomasz.andrysiak@utp.edu.pl
Correspondence to: Łukasz Saganowski lukasz.saganowski@utp.edu.pl
11
04
2016
Volume 24
2015
63
71
Copyright © 2016
2016
<p style="text-align: left;">In this article we present the use of sparse representation of a signal and incoherent dictionary learning method for the purpose of network traffic analysis. In learning process we use 1D INK-SVD algorithm to detect proper dictionary structure. Anomaly detection is realized by parameter estimation of the analyzed signal and its comparative analysis to network traffic profiles. Efficiency of our method is examined with the use of extended set of test traces from real network traffic. Received experimental results confirm effectiveness of the presented method.</p>
[
[1] Chora´s M., Saganowski L ., Renk R., Hol ubowicz W., Statistical and signal-based network traffic recognition for anomaly detection. Expert Systems, 2012, 29(3), pp. 232–245.
]
[
[2] Garcia-Teodoro P., Diaz-Verdejo J., Maci´a-Fern´andez G., V´azquez E., Anomalybased network intrusion detection: Techniques, systems and challenges. Computers & security, 2009, 28(1), pp. 18–28.
]
[
[3] Saganowski L ., Goncerzewicz M., Andrysiak T., Anomaly detection preprocessor for snort ids system. In: Image Processing and Communications Challenges 4. Springer 2013, pp. 225–232.
]
[
[4] FP7 INTERSECTION Project, Deliverable d.2.1: Solutions for securing heterogeneous networks: A state of the art analysis.
]
[
[5] Hwang K., Cai M., Chen Y., Qin M., Hybrid intrusion detection with weighted signature generation over anomalous internet episodes. Dependable and Secure Computing, IEEE Transactions on, 2007, 4(1), pp. 41–55.
]
[
[6] Mallat S.G., Zhang Z., Matching pursuits with time-frequency dictionaries. Signal Processing, IEEE Transactions on, 1993, 41(12), pp. 3397–3415.
]
[
[7] Pati Y.C., Rezaiifar R., Krishnaprasad P., Orthogonal matching pursuit: Recursive function approximation with applications to wavelet decomposition. In: Signals, Systems and Computers, 1993. 1993 Conference Record of the TwentySeventh Asilomar Conference on, IEEE, 1993, pp. 40–44.
]
[
[8] Davis G., Mallat S., Avellaneda M., Adaptive greedy approximations. Constructive approximation, 1997, 13(1), pp. 57–98.
]
[
[9] Tropp J.A., Greed is good: Algorithmic results for sparse approximation. Information Theory, IEEE Transactions on, 2004, 50(10), pp. 2231–2242.
]
[
[10] Gribonval R., Fast matching pursuit with a multiscale dictionary of Gaussian chirps. Signal Processing, IEEE Transactions on, 2001, 49(5), pp. 994–1001.
]
[
[11] Elad M., From Exact to Approximate Solutions. In: Sparse and Redundant Representations: From Theory to Applications in Signal and Image Processing. Springer, New York, 2010 pp. 79–109.
]
[
[12] Aharon M., Elad M., Bruckstein A., K-svd: An algorithm for designing overcomplete dictionaries for sparse representation. Signal Processing, IEEE Transactions on, 2006, 54(11), pp. 4311–4322.
]
[
[13] Barchiesi D., Plumbley M.D., Learning incoherent dictionaries for sparse approximation using iterative projections and rotations. Signal Processing, IEEE Transactions on, 2013, 61(8), pp. 2055–2065.
]
[
[14] Snort – intrusion detection system. https://www.snort.org/, Accessed: 2014-1230.
]
[
[15] Dainotti A., Pescap´e A., Ventre G., Wavelet-based detection of dos attacks. In: Global Telecommunications Conference, 2006. GLOBECOM’06. IEEE, IEEE, 2006, pp. 1–6.
]
[
[16] Kali linux. https://www.kali.org/, Accessed: 2014-12-30.
]
[
[17] Defense advanced research projects agency darpa intrusion detection evaluation data set. http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/index.html, Accessed: 2014-12-30.
]