Wavelets based anomaly-based detection system or J48 and naïve bayes based signature-based detection system: A comparison

Abstract

Network intrusion detection systems are divided into two categories, namely signature-based detection systems (SbDS) and anomaly-based detection systems (AbDS). In this paper, we have compared results of detection techniques for SbDS and AbDS for big datasets. Under AbDS, wavelets have been used as a signal processing tool to compute Hurst Index (H), used as a measure for computing degree of self-similarity in network traffic. Deviations beyond threshold were used to detect presence of network anomalies. Under SbDS, two main classification techniques based on J48 and Naïve Bayes have been used to explore the possibilities of having best achievable accuracy with least number of parameters from a big dataset of 41 features. The results of both methodologies have been analyzed for choosing appropriate technique under given constraints.