Mining Frequency Content of Network Traffic for Intrusion

This paper presents a novel network intrusion detection method that searches for frequency patterns within the time series created by network traffic signals. The new strategy is aimed for, but not limited to, detecting DOS and Probe attacks. The detection method is based on the observation that such kind of attacks are most likely manipulated by scripted code, which often result in periodicity patterns in either packet streams or the connection arrivals. Thus, by applying Fourier analysis to the time series created by network traffic signals, we could identify whether periodicity patterns exist in the traffic. We demonstrate the effectiveness of this frequency-mining strategy based on the synthetic network intrusion data from the DARPA datasets. The experimental results indicated that the proposed intrusion detection strategy is effective in detecting anomalous traffic data from large-scale time series data that exhibit patterns over time. Our strategy does not depend on prior knowledge of attack signatures, thus it has the potential to supplement any signature-based intrusion detection systems (IDS) and firewalls.