Network traffic anomaly detection using EMD and Hilbert-Huan transform
- WCU Author/Contributor (non-WCU co-authors, if there are any, appear on document)
- Jieying Han (Creator)
- Institution
- Western Carolina University (WCU )
- Web Site: http://library.wcu.edu/
- Advisor
- James Zhang
Abstract: Empirical Mode Decomposition (EMD) and Hilbert-Huang Transform (HHT) provide
a means for adaptive data analysis. EMD extracts Intrinsic Mode Functions (IMFs)
that represent the frequency and amplitude characteristics of a signal. HHT generates the
marginal spectrum and energy density level of a signal. The IMFs, the marginal spectrum,
and the energy density level characterize a signal from three different perspectives.
This thesis proposes three novel parameters for network traffic anomaly detection
based on the above three signal characteristics. Hurst parameter of network traffic is calculated
based on the first IMF, and is expanded by introducing a weighted self-similarity
based on the concept of entropy. Pearson’s distance is calculated based on the marginal
spectrum to differentiate normal traffic from abnormal ones. Finally, the slopes of crosscorrelations
are calculated based on the energy density level to detect the rate of energy
change between normal and abnormal internet traffic.
Network traffic anomaly detection using EMD and Hilbert-Huan transform
PDF (Portable Document Format)
1589 KB
Created on 4/1/2013
Views: 5117
Additional Information
- Publication
- Thesis
- Language: English
- Date: 2013
- Subjects
- Hilbert-Huang transform
- Anomaly detection (Computer security) -- Data processing
- Computer networks -- Monitoring -- Data processing