Um detector de anomalias de tráfego de rede baseado em wavelets
| Ano de defesa: | 2010 |
|---|---|
| Autor(a) principal: | |
| Orientador(a): | |
| Banca de defesa: | |
| Tipo de documento: | Dissertação |
| Tipo de acesso: | Acesso aberto |
| Idioma: | por |
| Instituição de defesa: |
Universidade Federal de Santa Maria
BR Ciência da Computação UFSM Programa de Pós-Graduação em Informática |
| Programa de Pós-Graduação: |
Não Informado pela instituição
|
| Departamento: |
Não Informado pela instituição
|
| País: |
Não Informado pela instituição
|
| Palavras-chave em Português: | |
| Link de acesso: | http://repositorio.ufsm.br/handle/1/5367 |
Resumo: | Attacks on computer networks compromises the security of the system and degrade the performance of the network causing problems to users and organizations. Networkbased Intrusion Detection Systems are used to detect attacks or malicious activity by analyzing the network traffic. The anomaly-based detection approach is used for intrusion detection. It is assumed that the presence of traffic anomalies, deviations from standard behavior, is indicative of an attack or malfunction. A major difficulty of an anomaly-based Intrusion Detection System is the construction of the profile due to the complexity of network traffic. Methods derived from Signal Analysis, among which, the Wavelet Transform, have recently demonstrated applicability in detecting anomalies in network. This work proposes a new wavelet-based mechanism to detect network intrusions, through the analysis of descriptors of traffic. The mechanism proposed is based on Discrete Wavelet Transform of signal formed from the traffic descriptors, the calculation of thresholds and direct analysis of wavelet coefficients for detection of anomalies. We assume that an attack generates an anomaly (change) in the traffic pattern, visible in the wavelet coefficients. The detection mechanism is generic, to work with different descriptors, and has low computational complexity, which enhances the real-time analysis. In the experiments, the mechanism demonstrated good detection rate of attacks with few false positives and low processing time. |