MULTI SCALE TIME SERIES PREDICTION FOR INTRUSION DETECTION

The researchers propose an anomaly-based network intrusion detection system, which analyzes traffic features to detect anomalies. The proposed system can be used both in online as well as off-line mode for detecting deviations from the expected behavior. Although their approach uses network packet or flow data, it is general enough to be adaptable for use with any other network variable, which may be used as a signal for anomaly detection. It differs from most existing approaches in its use of wavelet transform for generating different time scales for a signal and using these scales as an input to a two-stage neural network predictor. The predictor predicts the expected signal value and labels considerable deviations from this value as anomalies. The primary contribution of our work would be to empirically evaluate the effectiveness of multi resolution analysis as an input to neural network prediction engine specifically for the purpose of intrusion detection.