Greedy Algorithms for Network Anomaly Detection

  • Tomasz Andrysiak
  • Łukasz Saganowski
  • Michał Choraś
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 189)


In this paper we focus on increasing cybersecurity by means of greedy algorithms applied to the network anomaly detection task. In particular, we propose to use the Matching Pursuit and Orthogonal Matching Pursuit algorithms. The major contribution of the paper is the proposal of a 1D KSVD structured dictionary for the greedy algorithms, as well as its tree-based structure representation (clusters). Promising results for 15 network metrics are reported and compared to a DWT-based approach.


Keywords: network anomaly detection, cybersecurity, greedy algorithms





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Tomasz Andrysiak (1)
  • Łukasz Saganowski (1)
  • Michał Choraś (1)
  1. Institute of Telecommunications, University of Technology & Life Sciences in Bydgoszcz, Bydgoszcz, Poland
