A study of IDS using Discrete Fourier Transform

Abstract

Intrusion Detection System (IDS) detects attacks using pattern files which are known as “signature”. Effectiveness of detection depends on the kind of signature. In this paper, we propose a signature generation method using Discrete Fourier Transform. Our method regards payload between client and server as discrete waveform. Regarding normal communication spectrum as noise, we can clarify the characteristics of attack sessions. From the viewpoint of spectrum analysis, our method detects attack sessions. Furthermore, it has dynamic analysis features like anomaly type of IDS and will be able to detect unknown attack session. Our proposal method simulated using a Kyoto2006+ data set which is currently used as an intrusion detection evaluation. As the result, we have 5% of false positives for detecting attacks.