Multi-Resolution Analysis with Visualization to Determine Network Attack Patterns

• Published in: Applied sciences Vol. 13; no. 6; p. 3792
• Main Authors: Jeong, Dong Hyun, Jeong, Bong-Keun, Ji, Soo-Yeon
• Format: Journal Article
• Language: English
• Published: Basel MDPI AG 01.03.2023
• Subjects: Accuracy; Algorithms; Analysis; Applications programs; Classification; Clustering; Datasets; Discrete Wavelet Transform; discrete wavelet transformation; Genetic algorithms; intrusion detection analysis; Intrusion detection systems; Knowledge; Machine learning; Malware; Network analysis; Neural networks; Safety and security measures; Software; Support vector machines; Technology application; Traffic; Visualization; Visualization (Computers); Wavelet transforms; Germany
• ISSN: 2076-3417; 2076-3417
• DOI: 10.3390/app13063792

Analyzing network traffic activities is imperative in network security to detect attack patterns. Due to the complex nature of network traffic event activities caused by continuously changing computing environments and software applications, identifying the patterns is one of the challenging research topics. This study focuses on analyzing the effectiveness of integrating Multi-Resolution Analysis (MRA) and visualization in identifying the attack patterns of network traffic activities. In detail, a Discrete Wavelet Transform (DWT) is utilized to extract features from network traffic data and investigate their capability of identifying attacks. For extracting features, various sliding windows and step sizes are tested. Then, visualizations are generated to help users conduct interactive visual analyses to identify abnormal network traffic events. To determine optimal solutions for generating visualizations, an extensive evaluation with multiple intrusion detection datasets has been performed. In addition, classification analysis with three different classification algorithms is managed to understand the effectiveness of using the MRA with visualization. From the study, we generated multiple visualizations associated with various window and step sizes to emphasize the effectiveness of the proposed approach in differentiating normal and attack events by forming distinctive clusters. We also found that utilizing MRA with visualization advances network intrusion detection by generating clearly separated visual clusters.