Title: IDS: Spectrum Quantification Analysis using Discrete Fourier Transform

Year of Publication: Nov - 2016
Page Numbers: 38-46
Authors: Yusuke Tsuge, Hidema Tanaka
Conference Name: The Second International Conference on Electronics and Software Science (ICESS2016) - Japan


An Intrusion Detection System (IDS) is a countermeasure against network attacks. There are two main types of detection: signature-based and anomaly-based. A signature-based IDS detects intrusion packets by comparing their contents with a signature, which is a characteristic of intrusion packets. An anomaly-based IDS, on the other hand, detects them by defining normal behavior so as to distinguish normal communications from abnormal ones. Since attackers change their techniques rapidly, anomaly-based detection draws research interest nowadays. However, since it is difficult to define normal behavior effectively, some anomaly-based IDSs depend on the operator's visual identification. To solve these problems, we propose a quantification method using the Shannon-Hartley theorem, which improves on the Enkhbold method. This method uses the Discrete Fourier Transform to analyze the spectrum of each session. The fluctuation of the spectrum is assumed to be random in normal sessions and biased in abnormal ones. To quantify the difference between each spectrum and the standard one, we obtain an entropy using the Shannon-Hartley theorem. Under this assumption, when the entropy is small we judge the session to be normal, and when it is large we judge it to be abnormal. With spectrum analysis based on this assumption, it is possible to create a Detection-table that determines whether a session is normal or abnormal. We also find that our quantification method can discover the features of unknown attack sessions.
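The pipeline the abstract describes (DFT per session, comparison with a standard spectrum, an entropy score) can be sketched as follows; this is an added example, not code or formulas from the paper. The abstract gives no definitions, so everything specific here is an assumption: the session signal is a sequence of packet sizes, the standard spectrum is the per-bin mean over known-normal sessions, and the entropy is read from the Shannon-Hartley capacity form as a per-bin sum of log2(1 + S/N).

```python
import cmath
import math
import random

def power_spectrum(samples):
    """Power per DFT bin k = 1 .. n/2 of a real sequence (DC bin dropped)."""
    n = len(samples)
    return [abs(sum(x * cmath.exp(-2j * math.pi * k * t / n)
                    for t, x in enumerate(samples))) ** 2 / n
            for k in range(1, n // 2 + 1)]

def standard_spectrum(normal_sessions):
    """Assumed 'standard' spectrum: per-bin mean over known-normal sessions."""
    spectra = [power_spectrum(s) for s in normal_sessions]
    return [sum(col) / len(col) for col in zip(*spectra)]

def session_entropy(samples, standard):
    """Assumed score: sum over bins of log2(1 + S/N), in bits, where
    S = |session power - standard power| and N = standard power."""
    return sum(math.log2(1 + abs(p - n) / n)
               for p, n in zip(power_spectrum(samples), standard))

# Constructed data: 32 packet sizes (bytes) per session, not real traffic.
rng = random.Random(2016)

def random_session():
    return [rng.randint(40, 1500) for _ in range(32)]

STANDARD = standard_spectrum([random_session() for _ in range(20)])
NORMAL = random_session()         # held-out session with random fluctuation
BIASED = [1500, 40, 40, 40] * 8   # strictly periodic session, biased spectrum

if __name__ == "__main__":
    print("normal:", round(session_entropy(NORMAL, STANDARD), 2), "bits")
    print("biased:", round(session_entropy(BIASED, STANDARD), 2), "bits")
```

The periodic session concentrates its power in two bins and leaves the others empty, so both the peaks and the empty bins deviate from the standard and the score rises well above that of the held-out random session.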