a wavelet approach to network intrusion detection l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
A Wavelet Approach to Network Intrusion Detection PowerPoint Presentation
Download Presentation
A Wavelet Approach to Network Intrusion Detection

Loading in 2 Seconds...

play fullscreen
1 / 76

A Wavelet Approach to Network Intrusion Detection - PowerPoint PPT Presentation


  • 203 Views
  • Uploaded on

A Wavelet Approach to Network Intrusion Detection. W. Oblitey & S. Ezekiel IUP Computer Science Dept. Intrusion Detection: . Provides monitoring of system resources to help detect intrusion and/or identify attacks. Complimentary to blocking devices. Insider attacks.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'A Wavelet Approach to Network Intrusion Detection' - makan


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
a wavelet approach to network intrusion detection

A Wavelet Approach to Network Intrusion Detection

W. Oblitey & S. Ezekiel

IUP Computer Science Dept.

Secure IT - 2005

intrusion detection
Intrusion Detection:
  • Provides monitoring of system resources to help detect intrusion and/or identify attacks.
  • Complimentary to blocking devices.
    • Insider attacks.
    • Attacks that use traffic permitted by the firewall.
  • Can monitor the attack after it crosses through the firewall.
  • Helps gather useful information for
    • Detecting attackers,
    • Identifying attackers,
    • Reveal new attack strategies.

Secure IT - 2005

classification
Classification:
  • Intrusion Detection Systems classified according to how they detect malicious activity:
    • Signature detection systems
      • Also called Misuse detection systems
    • Anomaly detection systems
  • Also classified as:
    • Network-based intrusion detection systems
      • Monitor network traffic
    • Host-based intrusion detection systems.
      • Monitor activity on host machines

Secure IT - 2005

signature detection
Signature Detection:
  • Achieved by creating signatures:
    • Models of attack
  • Monitored events compared to models to determine qualification as attacks.
  • Excellent at detecting known attacks.
  • Requires the signatures to be created and entered into the sensor’s database before operation.
  • May generate false alarms (False Positives).
  • Problem:
    • Needs a large number of signatures for effective detection.
    • The database can grow very massive.

Secure IT - 2005

anomaly detection
Anomaly Detection:
  • Creates a model of normal use and looks for activity that does not conform to the model.
  • Problems with this method:
    • Difficulty in creating the model of normal activity
    • If the network already had malicious activity on it, is it ‘normal activity’?
    • Some patterns classified as anomalies may not be malicious.

Secure IT - 2005

network based ids
Network-Based IDS
  • By far the most commonly employed form of Intrusion Detection Systems.
  • To many people, “IDS” is synonymous with “NIDS”.
  • Matured more quickly than the host-based equivalents.
  • Large number of NIDS products available on the market.

Secure IT - 2005

deploying nids
Deploying NIDS
  • Points to consider:
    • Where do sensors belong in the network?
    • What is to be protected the most?
    • Which devices hold critical information assets?
  • Cost effectiveness;
    • We cannot deploy sensors on all network segments.
    • Even not manageable.
    • We need to carefully consider where sensors are to be deployed.

Secure IT - 2005

locations for ids sensors
Locations for IDS Sensors
  • Just inside the firewall.
    • The firewall is a bottleneck for all traffic.
    • All inbound/outbound traffic pass here.
    • The sensor can inspect all incoming and outgoing traffic.
  • On the DMZ.
    • The publicly reachable hosts located here are often get attacked.
    • The DMZ is usually the attacker’s first point of entry into the network.
  • On the server farm segment.
    • We can monitor mission-critical application servers.
      • Example: Financial, Logistical, Human Resources functions.
    • Also monitors insider attacks.
  • On the network segments connecting the mainframe or midrange hosts.
    • Monitor mission-critical devises.

Secure IT - 2005

the network monitoring problem
The Network Monitoring Problem
  • Network-based IDS sensors employ sniffing to monitor the network traffic.
  • Networks using hubs:
    • Can monitor all packets.
    • Hubs transmit every packet out of every connected interface.
  • Switched networks:
    • The sensor must be able to sniff the passing traffic.
    • Switches forward packets only to ports connected to destination hosts.

Secure IT - 2005

monitoring switched networks
Monitoring Switched Networks
  • Use of Switch Port Analyzer (SPAN) configurations.
    • Causes switch to copy all packets destined to a given interface.
    • Transmits packets to the modified port.
  • Use of hubs in conjunction with the switches.
    • The hub must be a fault-tolerant one.
  • Use of taps in conjunction with the switches.
    • Fault-tolerant hub-like devices.
    • Permit only one-way transmission of data out of the monitoring port.

Secure IT - 2005

nids signature types
NIDS Signature Types
  • These look for patterns in packet payloads that indicate possible attacks.
  • Port signatures
    • Watch for connection attempts to a known or frequently attacked ports.
  • Header signatures
    • These watch for dangerous or illogical combinations in packet headers.

Secure IT - 2005

network ids reactions types
Network IDS Reactions Types
  • Typical reactions of network-based IDS with active monitoring upon detection of attack in progress:
    • TCP resets
    • IP session logging
    • Shunning or blocking
  • Capabilities are configurable on per-signature basis:
    • Sensor responds based on configuration.

Secure IT - 2005

tcp reset reaction
TCP Reset Reaction
  • Operates by sending a TCP reset packet to the victim host.
    • This terminates the TCP session.
  • Spoofs the IP address of the attacker.
  • Resets are sent from the sensor’s monitoring/sniffing interface.
  • It can terminate an attack in progress but cannot stop the initial attack packet from reaching the victim.

Secure IT - 2005

ip session logging
IP Session Logging
  • The sensor records traffic passing between the attacker and the victim.
    • Can be very useful in analyzing the attack.
    • Can be used to prevent future attacks.
  • Limitation:
    • Only the trigger and the subsequent packets are logged.
    • Preceding packets are lost.
  • Can impact sensor performance.
  • Quickly consumes large amounts of disk space.

Secure IT - 2005

shunning blocking
Shunning/Blocking
  • Sensor connects to the firewall or a packet-filtering router.
  • Configures filtering rules
    • Blocks packets from the attacker
  • Needs arrangement of proper authentication:
    • Ensures that the sensor can securely log into the firewall or router.
  • A temporary measure that buy time for the administrator.
  • The problem with spoofed source addresses.

Secure IT - 2005

host based ids
Host-based IDS
  • Started in the early 1980s when networks were not do prevalent.
  • Primarily used to protect only critical servers
  • Software agent resides on the protected system
  • Signature based:
    • Detects intrusions by analyzing logs of operating systems and applications, resource utilization, and other system activity
  • Use of resources can have impact on system performance

Secure IT - 2005

hids methods of operation
HIDS Methods of Operation
  • Auditing logs:
    • system logs, event logs, security logs, syslog
  • Monitoring file checksums to identify changes
  • Elementary network-based signature techniques including port activity
  • Intercepting and evaluating requests by applications for system resources before they are processed
  • Monitoring of system processes for suspicious activity

Secure IT - 2005

log file auditing
Log File Auditing
  • Detects past activity
    • Cannot stop the action that set off the alarm from taking place.
  • Log Files:
    • Monitor changes in the log files.
    • New entries for changes logs are compared with HIDS attack signature patterns for match
    • If match is detected, administrator is alerted

Secure IT - 2005

file checksum examination
File Checksum Examination
  • Detects past activity:
    • Cannot stop the action that set off the alarm from taking place.
  • Hashes created only for system files that should not change or change infrequently.
  • Inclusion of frequently changing files is a huge disturbance.
  • File checksum systems, like Tripwire, may also be employed.

Secure IT - 2005

network based techniques
Network-Based Techniques
  • The IDS product monitors packets entering and leaving the host’s NIC for signs of malicious activity.
  • Designed to protect only the host in question.
  • The attack signatures used are not as sophisticated as those used in NIDs.
  • Provides rudimentary network-based protections.

Secure IT - 2005

intercepting requests
Intercepting Requests
  • Intercepts calls to the operating system before they are processed.
  • Is able to validate software calls made to the operating system and kernel.
  • Validation is accomplished by:
    • Generic rules about what processes may have access to resources.
    • Matching calls to system resources with predefined models which identify malicious activity.

Secure IT - 2005

system monitoring
System Monitoring
  • Can preempt attacks before they are executed.
  • This type of monitoring can:
    • Prevent files from being modified.
    • Allow access to data files only to a predefined set of processes.
    • Protect system registry settings from modification.
    • Prevent critical system services from being stopped.
    • Protect settings for users from being modified.
    • Stop exploitation of application vulnerabilities.

Secure IT - 2005

hids software
HIDS Software
  • Deployed by installing agent software on the system.
  • Effective for detecting insider-attacks.
  • Host wrappers:
    • Inexpensive and deployable on all machines
    • Do not provide in-depth, active monitoring measures of agent-based HIDS products
    • Sometimes referred to as personal firewalls
  • Agent-based software:
    • More suited for single purpose servers

Secure IT - 2005

hids active monitoring capabilities
HIDS Active Monitoring Capabilities
  • Options commonly used:
    • Log the event
      • Very good for post mortem analysis
    • Alert the administrator
      • Through email or SNMP traps
    • Terminate the user login
      • Perhaps with a warning message
    • Disable the user account
      • Preventing access to memory, processor time, or disk space.

Secure IT - 2005

advantages of host based ids
Advantages of Host-based IDS
  • Can verify success or failure of attack
    • By reviewing log entries
  • Monitors user and system activities
    • Useful in forensic analysis of the attack
  • Can protect against non-network-based attacks
  • Reacts very quickly to intrusions
    • By preventing access to system resources
    • By immediately identifying a breach when it occurs
  • Does not rely on particular network infrastructure
    • Not limited by switched infrastructures
  • Installed on the protected server itself
    • Does not require additional hardware to deploy
    • Needs no changes to the network infrastructure

Secure IT - 2005

active passive detection
Active/Passive Detection
  • The ability of an IDS to take action when they detect suspicious activity.
  • Passive Systems:
    • Take no action to stop or prevent the activity.
    • They log events.
    • They alert administrators.
    • They record the traffic for analysis.
  • Active Systems:
    • They do all the recordings that passive systems do,
    • They interoperate with firewalls and routers
      • Can cause blocking or shunning
      • They can send TCP resets.

Secure IT - 2005

our approach
Our Approach
  • We present a variant but novel approach of the anomaly detection scheme.
  • We show how to detect attacks without the use of data banks.
  • We show how to correlate multiple inputs to define the basis of a new generation analysis engine.

Secure IT - 2005

signals and signal processing
Signals and signal Processing:
  • Signal definition:
    • A function of independent variables like time, distance, position, temperature, and pressure.
  • Signals play important part in our daily lives
    • Examples: speech, music, picture, and video.
  • Signal Classification:
    • Analog – the independent variable on which the signal depends is continuous.
    • Digital – the independent variable is discrete.
    • Digital signals are presented a a sequence of numbers (samples).
  • Signals carry information
    • The objective of signal processing is to extract this useful information.

Secure IT - 2005

energy of a signal
Energy of a Signal:
  • We can also define a signal as a function of varying amplitude through time.
  • The measure of a signal’s strength is the area under the absolute value of the curve.
  • This measure is referred to as the energy of the signal and is defined as:
    • Energy of continuous signal
    • Energy of discrete signal

Secure IT - 2005

what is wavelet wavelet analysis
What is Wavelet? ( Wavelet Analysis)
  • Wavelets are functions that satisfy certain mathematical requirements and are used to represent data or other functions
  • Idea is not new--- Joseph Fourier--- 1800's
  • Wavelet-- the scale we use to see data plays an important role
  • FT non local -- very poor job on sharp spikes

Waveletdb10

Sine wave

Secure IT - 2005

history of wavelets
History of wavelets
  • 1807 Joseph Fourier- theory of frequency analysis-- any 2pi functions f(x) is the sum of its Fourier Series
  • 1909 Alfred Haar-- PhD thesis-- defined Haar basis function---- it is compact support( vanish outside finite interval)
  • 1930 Paul Levy-Physicist investigated Brownian motion ( random signal) and concluded Haar basis is better than FT
  • 1930's Littlewood Paley, Stein ==> calculated the energy of the function 1960 Guido Weiss, Ronald Coifman-- studied simplest element of functions space called atom
  • 1980 Grossman (physicist) Morlet( Engineer)-- broadly defined wavelet in terms of quantum mechanics
  • 1985 Stephen Mallat--defined wavelet for his Digital Signal Processing work for his Ph.D.
  • Y Meyer constructed first non trivial wavelet
  • 1988 Ingrid Daubechies-- used Mallat work constructed set of wavelets
  • The name emerged from the literature of geophysics, by a route through France. The word onde led to ondelette. Translation wave led to wavelet

Secure IT - 2005

functions
Functions
  • Functions (Science and Engg) often use time as their parameter
  • g(t)-> represent time domain
  • since typical function oscillate – think it as wave– so G(f) where f= frequency of the wave, the function represented in the frequency domain
  • A function g(t) is periodic, there exits a nonzero constant P s.t. g(t+P)=g(t) for all t, where P is called period
    • periodic function has 4 important attributes
      • Amplitude– max value it has in any period
      • Period---2P
      • Frequency f=1/P(inverse)– cycles per second, Hz
      • Phase—Cos is a Sin function with a phase

Secure IT - 2005

fourier haar
Fourier, Haar
  • Amplitude, time  amplitude , frequency
  • 1965 Cooley and Tukey – Fast Fourier Transform
  • Haar

Secure IT - 2005

slide35
CWT
  • continuous wavelet transform (CWT) of a function f(t) a mother wavelet
    • mother wavelet may be real or complex with the following properties
      • 1.the total area under the curve=0,
      • 2. the total area of is finite
      • 3. Admissible condition
          • oscillate above and below the t-axis
          • energy of the function is finite function is localize
    • Infinite number of functions satisfies above conditions– some of them used for wavelet transform
    • example
      • Morlet wavelet
      • Mexican hat wavelet

Secure IT - 2005

slide36
once a wavelet has been chosen , the CWT of a square integrable function f(t) is defined as

* denotes complex conjugate

For any a,

Thus b is a translation parameter

Setting b=0,

Here a is a scaling parameter

a>1 stretch the wavelet and 0<a<1 shrink it

Secure IT - 2005

wavelets
Wavelets

Fourier Transform

CWT = C( scale, position)=

Scaling wave means simply Stretching

(or Shrinking) it

Shifting

f (t) f(t-k)

Secure IT - 2005

wavelets continue
Wavelets Continue
  • Wavelets are basis functions in continuous time
  • A basis is a set of linearly independent function that can be used to produce a function f(t)
  • f(t) = combination of basis function =
  • is constructed from a single mother wave w(t) -- normally it is a small wave-- it start at 0 and ends at t=N
  • Shrunken ( scaled)
  • shifted
  • A typical wavelet compressed j times and shifted k times is
  • Property:- Remarkable property is orthogonality i.e. their inner-products are zero
  • This leads to a simple formula for bjk

Secure IT - 2005

slide39
Haar Transform
    • Digitized sound, image are discrete.  we need discrete wavelet
    • where ck and dj,k are coefficients to be calculated
    • example:- consider the array of 8 values (1,2,3,4,5,6,7,8)
    • 4 average values 4 difference ( detail coefficients)
    • calculate average, and difference for 4 averages
    • continue this way
    • Method is called PYRAMID DECOMPOSITION
  • Haar transform depends on coeff ½, ½ and ½, - ½
  • if we replace 2 by √2 then it is called coarse detail and fine detail

Secure IT - 2005

transforms
Transforms
  • Transform of a signal is a new representation of that signal
  • Example:- signal x0,x1,x2,x3 define y0,y1,y2,y3
  • Questions
    • 1. What is the purpose of y's
    • 2. Can we get back x's
  • Answer for 2: The Transform is invertible-- perfect reconstruction
  • Divide Transform in to 3 groups
    • 1. Lossless( Orthogonal)-- Transformed Signal has the same length
    • 2. Invertible (bi-orthogonal)-- length and angle may change-- no information lost
    • 3. Lossy ( Not invertible)--

Secure IT - 2005

answer to q1 purpose
Answer to Q1: Purpose
  • IT SEES LARGE vs SMALL
  • X0=1.2, X1= 1.0, x2=-1.0, x3=-1.2
  • Y=[2.2 0 -2.2 0]
  • Key idea for wavelets is the concept of " SCALE"
  • We can take sum and difference again==> recursion => Multiresolution
  • Main idea of Wavelet analysis– analyze a function at different scales– mother wavelet use to construct wavelet in different scale and translate each relative to the function being analyzed
  • Z=[ 0 0 4.4 0 ]
  • Reconstruct =====>compression 4:1

Secure IT - 2005

slide49
Real electricity consumption
  • peak in the center, followed by two drops, shallow drop, and then a considerably weaker peak
  • d1 d2 shows the noise
  • d3– presents high value in the beginning and at the end of the main peak, thus allowing us to locate the corresponding peak
  • d4 shows 3 successive peak– this fits the shape of the curve remarkably
  • a1,a2 strong resemblance
  • a3 reasonable---- a4 lost lots of information

Secure IT - 2005

slide54
JPEG (Joint Photographic Experts Group)
  • 1. Color images ( RGB) change into luminance, chrominance, color space
  • 2. color images are down sampled by creating low resolution pixels – not luminance part– horizontally and vertically, ( 2:1 or 2:1, 1:1)– 1/3 +(2/3)*(1/4)= ½ size of original size
  • 3. group 8x8 pixels called data sets– if not multiple of 8– bottom row and right col are duplicated
  • 4. apply DCT for each data set– 64 coefficients
  • 5. each of 64 frequency components in a data unit is divided by a separate number called quantization coefficients (QC) and then rounded into integer
  • 6. QC encode using RLE, Huffman encoding, Arithmetic Encoding ( QM coder)
  • 7. Add Headers, parameters, and output the result
      • interchangeable format= compressed data + all tables need for decoder
      • abbreviated format= compressed data+ not tables ( few tables)
      • abbreviated format =just tables + no compressed data
  • DECODER DO THE REVERSE OF THE ABOVE STEPS

Secure IT - 2005

slide55
JPEG 2000 or JPEG Y2k
  • divide into 3 colors
  • each color is partitioned into rectangular, non-overlapping regions called tiles– that are compressed individually
  • A tile is compressed into 4 main steps
    • 1. compute wavelet transform – sub band of wavelets– integer, fp,---L+1 levels, L is the parameter determined by the encoder
    • 2. wavelet coeff are quantized, -- depends on bit rate
    • 3. use arithmetic encoder for wavelet coefficients
    • 4. construct bit stream– do certain region, no order
  • Bit streams are organized into layers, each layer contains higher resolution image information
  • thus decoding layer by layer is a natural way to achieve progressive image transformation and decompression

Secure IT - 2005

slide58

A

H

D

V

Secure IT - 2005

lowpass filter moving average
Lowpass Filter = Moving Average
  • y(n)= x(n)/2 + x(n-1)/2 here h(0)=1/2 and h(1)=1/2
  • Fits standard form for k=0,1 x= unit impulse
  • x=(...0 0 0 0 1 0 0 0...) then y=(...0 0 1/2 1/2 0 0..)
  • average filter= 1/2 (identity) + 1/2 (delay)
  • Every linear operator acting on a single vector x can be rep by y=Hx
  • main diagonal come from identity--subdiagonal come from delay
  • we have finite (two) coefficients--> FIR finite impulse response
  • low pass==> scaling function
  • It smooth out bumps in the signal(high freq component

Secure IT - 2005

highpass filter moving difference
Highpass Filter Moving Difference
  • y(n)= 1/2[x(n)-x(n-1)]
  • h(0)=1/2
  • h(1)=-1/2
  • y=H1x
  • Filter Bank === Lowpass and Highpass
  • they separate the signal into frequency bank
  • Problem:-- Signal length doubled,
  • both are same size as signal ==> gives double size of the original signal
  • Solution:-- Down Sampling

Secure IT - 2005

down sampling
Down Sampling
  • We can keep half of Ho and H1 and still recover x
  • Save only even-numbered components ( delete odd numbered elements) -- denoted by (↓2)-- decimation
  • (↓2)y = (... y(-4) y(-2)y(0)y(2).......)
  • Filtering + Down sampling ==> Analysis Bank ( brings half size signal)
  • Inverse of this process==> Synthesis bank
  • i,e, Up sampling + Filtering
  • Add even numbered components zeros ( It will bring full size) denoted by (↑2)
  • y = (↓2 y)= (↑2)(↓2 y)

Secure IT - 2005

scaling function and wavelets
Scaling function and Wavelets
  • corresponding to low pass--> there is scaling function
  • corresponding to high pass--> there is wavelet function
  • dilation equation--> scaling function
  • In terms of original low pass filters
  • we have
  • for h(0) and h(1) = 1/2 we have
  • the graph compressed by 2 gives and shifted by 1/2 gives
  • By similar way the wavelet equation

Secure IT - 2005

wavelet packet
Wavelet Packet
  • Walsh-Hadamard transform-- complete binary tree --> wavelet packet
  • "Hadamard matrix"==> all entries are 1 and -1 and all rows are orthogonal-- divide two time by sqrt(2)==> orthogonal & symmetric
  • Compare with wavelet-- computations

sums z0=0

sums y0 and y2

difference z2=4.4

x

sums z1=0.4

difference y1 and y3

difference z3=0

Secure IT - 2005

filters and filter banks
Filters and Filter Banks
  • Filter is a linear time-invariant operator
  • It acts on input vector x --- Out put vector y is the convolution of x with a fixed vector h
  • h--> contains filter coefficients-- our filters are digital not analog-- h(n) are discrete time t= nT,
  • T is sampling period assume it is 1 here
  • x(n) and y(n) comes all the time t= 0, +_ 1....
  • y(n) = Σh(k) x(n-k) = convolution h* x in the time domain
  • Filter Bank= Set of all filters
  • Convolution by hand--- arrange it as ordinary multiplication -- but don't carry digits from one column to another
  • x= 3 2 4 h= 1 5 2
  • x * h = 3 17 20 24 8

Secure IT - 2005

our network topology
Our Network Topology:
  • We set up a star topology network;
    • Four computers in an island
    • Each running Linux RedHat 9.2
    • The machines are connected by a switch
    • The switch is connected to a PIX 515E Firewall
    • 3Com Ethernet Hub sits between the switch and the firewall
      • For Sniffing and capturing packets
  • We duplicated this island six times and connected them with routers.
  • We then connected the islands, via the routers, to a central Cisco switch.
  • For simulation purposes, we installed Windows XP on one machine in island one.

Secure IT - 2005

data collection
DataCollection:
  • We generated packets with a Perl script on a Linux system.
  • We used the three most common protocols for our simulation:
    • HTTP, FTP, and SMTP.
  • For each protocol:
    • We generated a constant traffic;
    • We created 50 datasets each consisting of the number of packets transmitted over two minute intervals.
    • We executed the same traffic scripts with a random pause between 0 and 60 seconds.
    • We then rerun the traffic between 0 and 15 seconds to create additional datasets.
  • We collected all the 150 datasets by Ethereal for further analysis.

Secure IT - 2005

results figure 1
Results: Figure 1

Secure IT - 2005

figure 2
Figure 2

Secure IT - 2005

figure 3
Figure 3

Secure IT - 2005

figure 4
Figure 4

Secure IT - 2005

figure 5
Figure 5

Secure IT - 2005

figure 6
Figure 6

Secure IT - 2005

conclusion future direction
Conclusion & Future Direction
  • We have presented:
    • A wavelet based – framework for network monitoring
    • This is our first phase for the development of an engine for Network Intrusion Analysis
    • This will not depend on databases and thus will minimize false negatives and false positives

Secure IT - 2005

references
References
  • [1] K. Ilgun, A real-time intrusion detection system for UNIX, IEEE Symp. On Security and Privacy, 1993.
  • [2] P.Porras & R. Kemmerer, Penetration State Transition Analysis- A Rule Based Intrusion Detection Approach, Computer Security Applications Conference, 1992
  • [3]http://enterprisesecurity.symantec.com/content/ productlink.cfm
  • [4] http://newsroom.cisco.com/dlls/fspnisapi32b3.html
  • [5] http://www.iss.net
  • [6] A.Haar. Zur Theorie der orthogonalen Funktionensysteme. Mathematische Annalen, 69:331-371, 1910. Also in PhD thesis.
  • [7]A. Grossmann and J. Morlet, Decomposition of Hardy functions into square integrable wavelets of constant shape, SIAM J. Math. Phys., 15 (1984), pp 723-736.
  • [8] Y.Meyer. Ondeletted et operatrurs, Tome 1, Hermann Ed., 1990

Secure IT - 2005

references76
References
  • [9] S. Mallat. A theory for multiresolution signal decomposition: the wavelet representation. IEEE Transactions on pattern recognition and Machine Intelligence, 11(7):674-693, July 1989.
  • [10]I. Daubechies, Ten Lectures on Wavelets, no 61 in CBMS-NSF Series in Applied Mathematics, SIAM, Philadelphia, 1992
  • [11]R. R. Coifman, A real variable characterization of Hp, Studia Math, 51 (1974).
  • [12] R. R. Coifman, Y. Meyer, S. Quake, and M.V. Wickerhauser, Signal Processing and compression with wave packets, in Proceedings of the International Conference on Wavelets, Marseilles, 1989, Y. Meyer, ed., Masson, Paris.
  • [13]S. Ezekiel, Low-dimensional chaotic signal characterization using approximate entropy, 3rd IASTED International Conference Circuits, Signals, and Systems Cancun, May, 2003
  • [14] S. Ezekiel, Heart Rate Variability Signal Processing by Using Wavelet Based Multifractal Analysis, IASTED International Conference, Digital Signal Processing and Control, USA, May , 2001
  • [15]C.E.Shannon "A Mathematical Theory of Communication", Bell Syst. Tech. J., 27,379-423, 623-56.

Secure IT - 2005