Title: Intrusion Detection System with Spectrum Quantification Analysis

Issue Number: Vol. 5, No. 4
Year of Publication: Jan - 2017
Page Numbers: 197-207
Authors: Yusuke Tsuge, Hidema Tanaka
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF) - Hong Kong
DOI: http://dx.doi.org/10.17781/P002219

Abstract:

An Intrusion Detection System (IDS) is a countermeasure against network attacks. There are two main types of detection: signature-based and anomaly-based. A signature-based IDS detects intrusion packets by comparing the contents of captured packets with a signature that is characteristic of intrusion packets. An anomaly-based IDS, on the other hand, detects them by reference to normal behavior, which is defined so as to distinguish normal communications from abnormal ones. Since attackers change their techniques rapidly, anomaly-based detection is currently drawing research interest. However, since it is difficult to define normal behavior effectively, some anomaly-based IDSs depend on visual identification by an operator. To solve these problems, we propose a method using a Detection-table, with which sessions can be determined to be either normal or abnormal. This method uses the Discrete Fourier Transform and the Shannon-Hartley theorem to analyze the spectrum of each session. We assume that the fluctuation of the spectrum is random in normal sessions and biased in abnormal sessions. To quantify the difference between each spectrum and the standard one, we obtain an entropy using the Shannon-Hartley theorem. Therefore, from this assumption, when the entropy is small we judge the session to be normal, and when it is large we judge the session to be abnormal. Spectrum analysis based on this assumption makes it possible to derive the Detection-table. We also find that our quantification method will discover unknown abnormal sessions.