Application of Wavelets and Self-similarity to Enterprise Network Intrusion Detection and Prevention Systems

Abstract

Securing enterprise networks has so far been considered under two broad topics (i. e. intrusion detection systems - IDS and intrusion prevention systems - IPS). So far, there is no algorithm, which guarantees absolute protection for a given network from intruders. Most existing IDS and IPS techniques introduce high false positive and false negative rates, which need to be eliminated or reduced considerably. This paper will concentrate on network packets behavior leading to network-based intrusion detection. It will employ anomaly detection as its analysis strategy. In the field of signal analysis, the methods of wavelet transform have gotten wide application because of its unique merit. That idea will be tapped in this paper. The self-similarity property of real network traffic will be used together with the signal detection abilities of wavelets in detecting attacks. The technique used here will also try to reduce the effectiveness of distributed attacks, which deny authorized users access to system resources. Securing of all network security data, which is an important limitation to existing IDS and IPS is ensured by this technique.