Intrusion and anomaly detection in computer networks using signal processing approaches

Jordan, Timothy J. (2010) Intrusion and anomaly detection in computer networks using signal processing approaches. [USQ Project] (Unpublished)


Abstract

Computer network problems can often be time-consuming and frustrating to resolve. An inefficient yet heavily used method for resolving these problems is to manually inspect performance data and apply 'trial and error' methods until the system is working again. Normally the actual cause of the problem is only resolved post-mortem by inspecting the various network data available. The aim of this paper is to research and test signal processing techniques and how they can be applied to various data produced by computer network anomalies. More specifically, the properties of different network events will be characterised, and the data that makes up those characteristics will be extracted and analysed using a modified cumulative sum algorithm. Network events that will be covered are Denial of Service SYN flood attack, Flash Crowd and DNS server failure. The characteristics will be extracted by analysing traffic matching certain properties, such as its IP/TCP protocol, source and destination address, or which TCP flags are set on each packet. To apply the signal processing techniques, data is required so that it can be processed by the signal processing system. To achieve this, the network anomalies were simulated in a test network and the traffic was captured during the simulations. The traffic was then put through the analysis system. The main signal processing technique used was the Cumulative Sum algorithm, which was used inside a change detection system. Results from the change detection system were promising, as changes in states and state properties were able to be detected.


Item Type: USQ Project
Refereed: No
Item Status: Live Archive
Depositing User: epEditor USQ
Faculty / Department / School: Historic - Faculty of Engineering and Surveying - Department of Electrical, Electronic and Computer Engineering
Date Deposited: 03 May 2011 03:43
Last Modified: 03 Jul 2013 00:38
Uncontrolled Keywords: computer networks; Digital Signal Processing (DSP); Cumulative Sum algorithm; computer network traffic control
Fields of Research (FOR2008): 09 Engineering > 0906 Electrical and Electronic Engineering > 090609 Signal Processing
10 Technology > 1005 Communications Technologies > 100503 Computer Communications Networks
URI: http://eprints.usq.edu.au/id/eprint/19019
