Detecting Denial-of-Service attacks using the wavelet transform

Anomaly-based intrusion detection is a crucial research issue as it permits to identify attacks that does not necessarily have known signatures. However, approaches using anomalies often consume more resources than those based on misuse detection and have a higher false alarm rate. This paper presents an efficient anomaly analysis method that is proved to be more efficient and less complex than the existing techniques. The approach relies on monitoring the security state by using a set of accurate metrics. The Wavelet Transform (WT) is used to decompose these metrics in the time-scale space. Attacks are viewed as Lipschitz singularities that arise in some specific points of time. Henceforth, the anomaly detection process is performed through processing the signals representing the metrics. The proposed approach is also shown to be extensible to the case where the monitoring points, used to gather the measurable features, are distributed according to the network topology.