Digital Signal Processing Leveraged for Intrusion Detection
Abstract
This thesis describes the development and evaluation of a novel system called the Network Attack Characterization Tool (NACT). The NACT employs digital signal processing to detect network intrusions by exploiting the Lomb-Scargle periodogram method to obtain a spectrum for sampled network traffic. The Lomb-Scargle method for generating a periodogram allows for the processing of unevenly sampled network data. The spectrum is examined to determine if features exist above a significance level chosen by the user. These features are considered an attack, triggering an alarm. Two traffic statistics are used to construct the time series over which the periodogram analysis is accomplished: packet inter-arrival time and payload size. Three specific attacks from this data set are examined: the Processtable attack, the Dictionary attack and the Teardrop attack. Of the three attacks, the NACT was able to detect the Processtable attack with an accuracy of 100%. The Dictionary and Teardrop attacks were also detected, with 100% and 85% accuracies respectively. This success in detecting these attacks establishes that digital signal processing methods can be a successful technique for network intrusion detection.
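The detection step the abstract describes, as an added example that is not the NACT's own code and does not come from the thesis: a Lomb-Scargle periodogram over unevenly spaced packet samples, with an alarm when the spectral peak exceeds a user-chosen significance level. It assumes payload size as the statistic, Scargle's false-alarm formula for the threshold, and a constructed trace; all function names are hypothetical.

```python
import math
import random

def lomb_scargle(t, h, freqs):
    """Normalized Lomb-Scargle power of samples h taken at uneven times t."""
    n = len(t)
    mean = sum(h) / n
    var = sum((y - mean) ** 2 for y in h) / (n - 1)
    power = []
    for f in freqs:
        w = 2 * math.pi * f
        # Time offset tau makes the estimate invariant to shifting all timestamps.
        tau = math.atan2(sum(math.sin(2 * w * x) for x in t),
                         sum(math.cos(2 * w * x) for x in t)) / (2 * w)
        c = [math.cos(w * (x - tau)) for x in t]
        s = [math.sin(w * (x - tau)) for x in t]
        yc = sum((y - mean) * ci for y, ci in zip(h, c))
        ys = sum((y - mean) * si for y, si in zip(h, s))
        power.append((yc * yc / sum(ci * ci for ci in c) +
                      ys * ys / sum(si * si for si in s)) / (2 * var))
    return power

def alarm_threshold(p, m):
    """Power that noise alone exceeds with probability p over m frequencies (assumed model)."""
    return -math.log(1 - (1 - p) ** (1 / m))

def detect(t, h, freqs, p=0.001):
    """Return (alarm, peak frequency in Hz, peak power, threshold)."""
    power = lomb_scargle(t, h, freqs)
    z0 = alarm_threshold(p, len(freqs))
    k = max(range(len(freqs)), key=power.__getitem__)
    return power[k] > z0, freqs[k], power[k], z0

def constructed_trace(periodic, seed=1, n=400):
    """Constructed sample: Poisson packet arrivals with noisy payload sizes."""
    rng = random.Random(seed)
    t, h, now = [], [], 0.0
    for _ in range(n):
        now += rng.expovariate(4.0)              # uneven gaps, mean 0.25 s
        size = 500 + rng.gauss(0, 100)
        if periodic:
            size += 150 * math.sin(2 * math.pi * 0.5 * now)  # 0.5 Hz component
        t.append(now)
        h.append(size)
    return t, h

FREQS = [0.01 * k for k in range(1, 201)]        # 0.01 Hz to 2 Hz

if __name__ == "__main__":
    for label, periodic in (("baseline", False), ("periodic", True)):
        alarm, f, z, z0 = detect(*constructed_trace(periodic), FREQS)
        print(f"{label}: alarm={alarm} peak={f:.2f} Hz power={z:.1f} threshold={z0:.1f}")
```

Lowering `p` raises the threshold and trades missed detections for fewer false alarms; using the number of scanned frequencies as `m` is conservative when the grid oversamples the spectrum.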
Document Details
- Document Type: Technical Report
- Publication Date: Mar 27, 2008
- Accession Number: ADA480262
Entities
People
- Theodore J. Erickson
Organizations
- Air Force Institute of Technology