ETRI Journal

Electronics and Telecommunications Research Institute (한국전자통신연구원)
권호 표지
DOI QR코드

DOI QR Code

Network intrusion detection method based on matrix factorization of their time and frequency representations

  • Received : 2019.11.02
  • Accepted : 2020.05.12
  • Published : 2021.02.01
Download PDF
⟨ Previous Next ⟩

Abstract

In the last few years, detection has become a powerful methodology for network protection and security. This paper presents a new detection scheme for data recorded over a computer network. This approach is applicable to the broad scientific field of information security, including intrusion detection and prevention. The proposed method employs bidimensional (time-frequency) data representations of the forms of the short-time Fourier transform, as well as the Wigner distribution. Moreover, the method applies matrix factorization using singular value decomposition and principal component analysis of the two-dimensional data representation matrices to detect intrusions. The current scheme was evaluated using numerous tests on network activities, which were recorded and presented in the KDD-NSL and UNSW-NB15 datasets. The efficiency and robustness of the technique have been experimentally proved.

Keywords

References

  1. A. Kundu, S. Sural, and A. K. Majumdar, Database intrusion detection using sequence alignment, Int. J. Inf. Security 9 (2010), 179-191. https://doi.org/10.1007/s10207-010-0102-5
  2. D. Meyer, Matrix Analysis And Applied Linear Algebra, SIAM, Philadelphia 2000.
  3. H. Demirel, C. Ozcinar, and G. Anbarjafari, Satellite image contrast enhancement using discrete wavelet transform and singular value decomposition, IEEE Geosci. Remote Sens. Lett. 7 (2010), 333-337. https://doi.org/10.1109/LGRS.2009.2034873
  4. N. Halko, P. G. Martinsson, and J. A. Tropp, Finding structure with randomness: Probabilistic algorithms for constructing approximate matrix decompositions, SIAM Rev. 53 (2011), 217-288. https://doi.org/10.1137/090771806
  5. H. Anat and J. Darcy, The impact of denial of service attack announcements on the market value of firms, Risk Manage. Insurance Rev. 6 (2003), 97-121. https://doi.org/10.1046/J.1098-1616.2003.026.x
  6. S. Paliwal and G. Ravindra, Denial-of-service, probing and remote to user (R2L) attack detection using genetic algorithm, Int. J. Comput. Applicat. 60 (2012), 57-62.
  7. S. Antonatos, K. Anagnostakis, and E. Markatos, Generating realistic workloads for network intrusion detection systems, in Proc. ACM Workshop Softw. Performance (Redwood City, CA, USA), Jan. 2004, pp. 1-9.
  8. E. Ireland, Intrusion detection with genetic algorithms and fuzzy logic, in Proc. UMMC SciSenior Seminar Conf. (Morris, MN, USA), 2013, pp. 1-30
  9. K. Scarfone and P. Mell, Special Publication 800-94: Guide to intrusion detection and prevention systems (IDPS), National Institute of Standards and Technology (NIST), 2007.
  10. P. Garcia-Teodoro et al., Anomaly-based network intrusion detection: Techniques, systems and challenges, Comput. Security 28 (2009), 18-28. https://doi.org/10.1016/j.cose.2008.08.003
  11. K. Wang, J. Salvatore, and S. J. Stolfo, Recent Advances in Intrusion Detection, In Anomalous payload-based network intrusion detection, Springer: Berlin Heidelberg, 2007, pp. 203-222.
  12. L. Tan, B. Brotherton, and T. Sherwood, Bit-split string-matching engines for intrusion detection and prevention, ACM Trans. Architecture Code Optimization 3 (2006), 3-34. https://doi.org/10.1145/1132462.1132464
  13. Y. Qu and Q. Lu, Effectively mining network traffic intelligence to detect malicious stealthy port scanning to cloud servers, J. Internet Technol. 15 (2014), 841-852.
  14. K. Watanabe, N. Tsuruoka, and R. Himeno. Performance of network intrusion detection cluster system, in Proc. Int. Symp. High Performance Comput. (Tokyo, Japan), Oct. 2003, pp. 278-287.
  15. M. J. Bastiaans, T. Alieva, and J. Stankovic, On rotated time-frequency kernels, IEEE Signal Process. Lett. 9 (2002), 378-381. https://doi.org/10.1109/LSP.2002.805118
  16. F. Hlawatsch and G. F. Boudreaux-Bartels, Linear and quadratic time-frequency signal representations, IEEE Signal Process Mag. 9 (1992), 21-67. https://doi.org/10.1109/79.127284
  17. L. Cohen, Time-frequency distributions-A review, Proc. IEEE 77 (1989), 941-981. https://doi.org/10.1109/5.30749
  18. S. Chountasis, D. Pappas, and V. N. Katsikis, Signal watermarking in bi-dimensional representations using matrix factorizations, Comput. Appl. Math. 36 (2017), 341-357. https://doi.org/10.1007/s40314-015-0230-7
  19. D. Lay, Linear Algebra and its Applications, 4th ed, Addison-Wesley, Boston, MA, USA, 2012.
  20. H. Liu, C. Xiangdong, and L. Shalini, Understanding modern intrusion detection systems: A survey, arXive preprint, 2017, arXiv:1708.07174v2[cs.CR].
  21. P. Aggarwala and S. K. Sharma, Analysis of KDD dataset attributes- class wise for intrusion detection, Procedia Comput. Sci. 57 (2015), 842-851. https://doi.org/10.1016/j.procs.2015.07.490
  22. N. Moustafa and J. Slay, The evaluation of network anomaly detection systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set, Inf. Secur. J. 25 (2016), 18-31. https://doi.org/10.1080/19393555.2015.1125974