http://dx.doi.org/10.7472/jksii.2021.22.3.45

Application of Discrete Wavelet Transforms to Identify Unknown Attacks in Anomaly Detection Analysis  

Kim, Dong-Wook (Department of Computer Engineering, Gachon University)
Shin, Gun-Yoon (Department of Computer Engineering, Gachon University)
Yun, Ji-Young (Department of Software, Gachon University)
Kim, Sang-Soo (Agency for Defense Development Songpa)
Han, Myung-Mook (Department of Software, Gachon University)
Publication Information
Journal of Internet Computing and Services / v.22, no.3, 2021, pp. 45-52
Abstract
Many studies have sought to identify unknown attacks in cyber security intrusion detection systems, and outlier-based approaches in particular are attracting attention. Accordingly, we identify outliers by defining categories for unknown attacks. Unknown attacks were investigated in two categories: first, studies on the factors that generate variant attacks, and second, studies that classify them into new types. Within the first category, we conducted an outlier study that can identify similar data, such as variants. A major problem in identifying anomalies in an intrusion detection system is that normal and attack behavior share the same space. To address this, we applied the discrete wavelet transform to separate the data into clearly distinct normal and attack types, and then detected anomalies. As a result, we confirmed that outliers can be identified with a One-Class SVM in the data reconstructed by the discrete wavelet transform.
Keywords
Unknown Attack; Discrete Wavelet Transform; Anomaly Detection; One-Class SVM