首页>
外国专利>
Generalized likelihood ratio test (GLRT) based network intrusion detection system in wavelet domain
Generalized likelihood ratio test (GLRT) based network intrusion detection system in wavelet domain
展开▼
机译:基于小波域的广义似然比测试(GLRT)网络入侵检测系统
展开▼
页面导航
摘要
著录项
相似文献
摘要
An improved system and method for detecting network anomalies comprises, in one implementation, a computer device and a network anomaly detector module executed by the computer device arranged to electronically sniff network traffic data in an aggregate level using a windowing approach. The windowing approach is configured to view the network traffic data through a plurality of time windows each of which represents a sequence of a feature including packet per second or flow per second. The network anomaly detector module is configured to execute a wavelet transform for capturing properties of the network traffic data, such as long-range dependence and self-similarity. The wavelet transform is a multiresolution transform, and can be configured to decompose and simplify statistics of the network traffic data into a simplified and fast algorithm. The network anomaly detector module is also configured to execute a bivariate Cauchy-Gaussian mixture (BCGM) statistical model for processing and modeling the network traffic data in the wavelet domain. The BCGM statistical model is an approximation of α-stable model, and offers a closed-form expression for probability density function to increase accuracy and analytical tractability, and to facilitate parameter estimations when compared to the α-stable model. Finally, the network anomaly detector module is further configured to execute a generalized likelihood ratio test for detecting the network anomalies.
展开▼