a wavelet approach to network intrusion detection n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
A Wavelet Approach to Network Intrusion Detection PowerPoint Presentation
Download Presentation
A Wavelet Approach to Network Intrusion Detection

Loading in 2 Seconds...

play fullscreen
1 / 76

A Wavelet Approach to Network Intrusion Detection - PowerPoint PPT Presentation


  • 85 Views
  • Uploaded on

A Wavelet Approach to Network Intrusion Detection. W. Oblitey & S. Ezekiel IUP Computer Science Dept. Intrusion Detection:. Provides monitoring of system resources to help detect intrusion and/or identify attacks. Complimentary to blocking devices. Insider attacks.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

A Wavelet Approach to Network Intrusion Detection


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
a wavelet approach to network intrusion detection

A Wavelet Approach to Network Intrusion Detection

W. Oblitey & S. Ezekiel

IUP Computer Science Dept.

Secure IT - 2005

intrusion detection
Intrusion Detection:
  • Provides monitoring of system resources to help detect intrusion and/or identify attacks.
  • Complimentary to blocking devices.
    • Insider attacks.
    • Attacks that use traffic permitted by the firewall.
  • Can monitor the attack after it crosses through the firewall.
  • Helps gather useful information for
    • Detecting attackers,
    • Identifying attackers,
    • Reveal new attack strategies.

Secure IT - 2005

classification
Classification:
  • Intrusion Detection Systems classified according to how they detect malicious activity:
    • Signature detection systems
      • Also called Misuse detection systems
    • Anomaly detection systems
  • Also classified as:
    • Network-based intrusion detection systems
      • Monitor network traffic
    • Host-based intrusion detection systems.
      • Monitor activity on host machines

Secure IT - 2005

signature detection
Signature Detection:
  • Achieved by creating signatures:
    • Models of attack
  • Monitored events compared to models to determine qualification as attacks.
  • Excellent at detecting known attacks.
  • Requires the signatures to be created and entered into the sensor’s database before operation.
  • May generate false alarms (False Positives).
  • Problem:
    • Needs a large number of signatures for effective detection.
    • The database can grow very massive.

Secure IT - 2005

anomaly detection
Anomaly Detection:
  • Creates a model of normal use and looks for activity that does not conform to the model.
  • Problems with this method:
    • Difficulty in creating the model of normal activity
    • If the network already had malicious activity on it, is it ‘normal activity’?
    • Some patterns classified as anomalies may not be malicious.

Secure IT - 2005

network based ids
Network-Based IDS
  • By far the most commonly employed form of Intrusion Detection Systems.
  • To many people, “IDS” is synonymous with “NIDS”.
  • Matured more quickly than the host-based equivalents.
  • Large number of NIDS products available on the market.

Secure IT - 2005

deploying nids
Deploying NIDS
  • Points to consider:
    • Where do sensors belong in the network?
    • What is to be protected the most?
    • Which devices hold critical information assets?
  • Cost effectiveness;
    • We cannot deploy sensors on all network segments.
    • Even not manageable.
    • We need to carefully consider where sensors are to be deployed.

Secure IT - 2005

locations for ids sensors
Locations for IDS Sensors
  • Just inside the firewall.
    • The firewall is a bottleneck for all traffic.
    • All inbound/outbound traffic pass here.
    • The sensor can inspect all incoming and outgoing traffic.
  • On the DMZ.
    • The publicly reachable hosts located here are often get attacked.
    • The DMZ is usually the attacker’s first point of entry into the network.
  • On the server farm segment.
    • We can monitor mission-critical application servers.
      • Example: Financial, Logistical, Human Resources functions.
    • Also monitors insider attacks.
  • On the network segments connecting the mainframe or midrange hosts.
    • Monitor mission-critical devises.

Secure IT - 2005

the network monitoring problem
The Network Monitoring Problem
  • Network-based IDS sensors employ sniffing to monitor the network traffic.
  • Networks using hubs:
    • Can monitor all packets.
    • Hubs transmit every packet out of every connected interface.
  • Switched networks:
    • The sensor must be able to sniff the passing traffic.
    • Switches forward packets only to ports connected to destination hosts.

Secure IT - 2005

monitoring switched networks
Monitoring Switched Networks
  • Use of Switch Port Analyzer (SPAN) configurations.
    • Causes switch to copy all packets destined to a given interface.
    • Transmits packets to the modified port.
  • Use of hubs in conjunction with the switches.
    • The hub must be a fault-tolerant one.
  • Use of taps in conjunction with the switches.
    • Fault-tolerant hub-like devices.
    • Permit only one-way transmission of data out of the monitoring port.

Secure IT - 2005

nids signature types
NIDS Signature Types
  • These look for patterns in packet payloads that indicate possible attacks.
  • Port signatures
    • Watch for connection attempts to a known or frequently attacked ports.
  • Header signatures
    • These watch for dangerous or illogical combinations in packet headers.

Secure IT - 2005

network ids reactions types
Network IDS Reactions Types
  • Typical reactions of network-based IDS with active monitoring upon detection of attack in progress:
    • TCP resets
    • IP session logging
    • Shunning or blocking
  • Capabilities are configurable on per-signature basis:
    • Sensor responds based on configuration.

Secure IT - 2005

tcp reset reaction
TCP Reset Reaction
  • Operates by sending a TCP reset packet to the victim host.
    • This terminates the TCP session.
  • Spoofs the IP address of the attacker.
  • Resets are sent from the sensor’s monitoring/sniffing interface.
  • It can terminate an attack in progress but cannot stop the initial attack packet from reaching the victim.

Secure IT - 2005

ip session logging
IP Session Logging
  • The sensor records traffic passing between the attacker and the victim.
    • Can be very useful in analyzing the attack.
    • Can be used to prevent future attacks.
  • Limitation:
    • Only the trigger and the subsequent packets are logged.
    • Preceding packets are lost.
  • Can impact sensor performance.
  • Quickly consumes large amounts of disk space.

Secure IT - 2005

shunning blocking
Shunning/Blocking
  • Sensor connects to the firewall or a packet-filtering router.
  • Configures filtering rules
    • Blocks packets from the attacker
  • Needs arrangement of proper authentication:
    • Ensures that the sensor can securely log into the firewall or router.
  • A temporary measure that buy time for the administrator.
  • The problem with spoofed source addresses.

Secure IT - 2005

host based ids
Host-based IDS
  • Started in the early 1980s when networks were not do prevalent.
  • Primarily used to protect only critical servers
  • Software agent resides on the protected system
  • Signature based:
    • Detects intrusions by analyzing logs of operating systems and applications, resource utilization, and other system activity
  • Use of resources can have impact on system performance

Secure IT - 2005

hids methods of operation
HIDS Methods of Operation
  • Auditing logs:
    • system logs, event logs, security logs, syslog
  • Monitoring file checksums to identify changes
  • Elementary network-based signature techniques including port activity
  • Intercepting and evaluating requests by applications for system resources before they are processed
  • Monitoring of system processes for suspicious activity

Secure IT - 2005

log file auditing
Log File Auditing
  • Detects past activity
    • Cannot stop the action that set off the alarm from taking place.
  • Log Files:
    • Monitor changes in the log files.
    • New entries for changes logs are compared with HIDS attack signature patterns for match
    • If match is detected, administrator is alerted

Secure IT - 2005

file checksum examination
File Checksum Examination
  • Detects past activity:
    • Cannot stop the action that set off the alarm from taking place.
  • Hashes created only for system files that should not change or change infrequently.
  • Inclusion of frequently changing files is a huge disturbance.
  • File checksum systems, like Tripwire, may also be employed.

Secure IT - 2005

network based techniques
Network-Based Techniques
  • The IDS product monitors packets entering and leaving the host’s NIC for signs of malicious activity.
  • Designed to protect only the host in question.
  • The attack signatures used are not as sophisticated as those used in NIDs.
  • Provides rudimentary network-based protections.

Secure IT - 2005

intercepting requests
Intercepting Requests
  • Intercepts calls to the operating system before they are processed.
  • Is able to validate software calls made to the operating system and kernel.
  • Validation is accomplished by:
    • Generic rules about what processes may have access to resources.
    • Matching calls to system resources with predefined models which identify malicious activity.

Secure IT - 2005

system monitoring
System Monitoring
  • Can preempt attacks before they are executed.
  • This type of monitoring can:
    • Prevent files from being modified.
    • Allow access to data files only to a predefined set of processes.
    • Protect system registry settings from modification.
    • Prevent critical system services from being stopped.
    • Protect settings for users from being modified.
    • Stop exploitation of application vulnerabilities.

Secure IT - 2005

hids software
HIDS Software
  • Deployed by installing agent software on the system.
  • Effective for detecting insider-attacks.
  • Host wrappers:
    • Inexpensive and deployable on all machines
    • Do not provide in-depth, active monitoring measures of agent-based HIDS products
    • Sometimes referred to as personal firewalls
  • Agent-based software:
    • More suited for single purpose servers

Secure IT - 2005

hids active monitoring capabilities
HIDS Active Monitoring Capabilities
  • Options commonly used:
    • Log the event
      • Very good for post mortem analysis
    • Alert the administrator
      • Through email or SNMP traps
    • Terminate the user login
      • Perhaps with a warning message
    • Disable the user account
      • Preventing access to memory, processor time, or disk space.

Secure IT - 2005

advantages of host based ids
Advantages of Host-based IDS
  • Can verify success or failure of attack
    • By reviewing log entries
  • Monitors user and system activities
    • Useful in forensic analysis of the attack
  • Can protect against non-network-based attacks
  • Reacts very quickly to intrusions
    • By preventing access to system resources
    • By immediately identifying a breach when it occurs
  • Does not rely on particular network infrastructure
    • Not limited by switched infrastructures
  • Installed on the protected server itself
    • Does not require additional hardware to deploy
    • Needs no changes to the network infrastructure

Secure IT - 2005

active passive detection
Active/Passive Detection
  • The ability of an IDS to take action when they detect suspicious activity.
  • Passive Systems:
    • Take no action to stop or prevent the activity.
    • They log events.
    • They alert administrators.
    • They record the traffic for analysis.
  • Active Systems:
    • They do all the recordings that passive systems do,
    • They interoperate with firewalls and routers
      • Can cause blocking or shunning
      • They can send TCP resets.

Secure IT - 2005

our approach
Our Approach
  • We present a variant but novel approach of the anomaly detection scheme.
  • We show how to detect attacks without the use of data banks.
  • We show how to correlate multiple inputs to define the basis of a new generation analysis engine.

Secure IT - 2005

signals and signal processing
Signals and signal Processing:
  • Signal definition:
    • A function of independent variables like time, distance, position, temperature, and pressure.
  • Signals play important part in our daily lives
    • Examples: speech, music, picture, and video.
  • Signal Classification:
    • Analog – the independent variable on which the signal depends is continuous.
    • Digital – the independent variable is discrete.
    • Digital signals are presented a a sequence of numbers (samples).
  • Signals carry information
    • The objective of signal processing is to extract this useful information.

Secure IT - 2005

energy of a signal
Energy of a Signal:
  • We can also define a signal as a function of varying amplitude through time.
  • The measure of a signal’s strength is the area under the absolute value of the curve.
  • This measure is referred to as the energy of the signal and is defined as:
    • Energy of continuous signal
    • Energy of discrete signal

Secure IT - 2005

what is wavelet wavelet analysis
What is Wavelet? ( Wavelet Analysis)
  • Wavelets are functions that satisfy certain mathematical requirements and are used to represent data or other functions
  • Idea is not new--- Joseph Fourier--- 1800's
  • Wavelet-- the scale we use to see data plays an important role
  • FT non local -- very poor job on sharp spikes

Waveletdb10

Sine wave

Secure IT - 2005

history of wavelets
History of wavelets
  • 1807 Joseph Fourier- theory of frequency analysis-- any 2pi functions f(x) is the sum of its Fourier Series
  • 1909 Alfred Haar-- PhD thesis-- defined Haar basis function---- it is compact support( vanish outside finite interval)
  • 1930 Paul Levy-Physicist investigated Brownian motion ( random signal) and concluded Haar basis is better than FT
  • 1930's Littlewood Paley, Stein ==> calculated the energy of the function 1960 Guido Weiss, Ronald Coifman-- studied simplest element of functions space called atom
  • 1980 Grossman (physicist) Morlet( Engineer)-- broadly defined wavelet in terms of quantum mechanics
  • 1985 Stephen Mallat--defined wavelet for his Digital Signal Processing work for his Ph.D.
  • Y Meyer constructed first non trivial wavelet
  • 1988 Ingrid Daubechies-- used Mallat work constructed set of wavelets
  • The name emerged from the literature of geophysics, by a route through France. The word onde led to ondelette. Translation wave led to wavelet

Secure IT - 2005

functions
Functions
  • Functions (Science and Engg) often use time as their parameter
  • g(t)-> represent time domain
  • since typical function oscillate – think it as wave– so G(f) where f= frequency of the wave, the function represented in the frequency domain
  • A function g(t) is periodic, there exits a nonzero constant P s.t. g(t+P)=g(t) for all t, where P is called period
    • periodic function has 4 important attributes
      • Amplitude– max value it has in any period
      • Period---2P
      • Frequency f=1/P(inverse)– cycles per second, Hz
      • Phase—Cos is a Sin function with a phase

Secure IT - 2005

fourier haar
Fourier, Haar
  • Amplitude, time  amplitude , frequency
  • 1965 Cooley and Tukey – Fast Fourier Transform
  • Haar

Secure IT - 2005

slide35
CWT
  • continuous wavelet transform (CWT) of a function f(t) a mother wavelet
    • mother wavelet may be real or complex with the following properties
      • 1.the total area under the curve=0,
      • 2. the total area of is finite
      • 3. Admissible condition
          • oscillate above and below the t-axis
          • energy of the function is finite function is localize
    • Infinite number of functions satisfies above conditions– some of them used for wavelet transform
    • example
      • Morlet wavelet
      • Mexican hat wavelet

Secure IT - 2005

slide36
once a wavelet has been chosen , the CWT of a square integrable function f(t) is defined as

* denotes complex conjugate

For any a,

Thus b is a translation parameter

Setting b=0,

Here a is a scaling parameter

a>1 stretch the wavelet and 0<a<1 shrink it

Secure IT - 2005

wavelets
Wavelets

Fourier Transform

CWT = C( scale, position)=

Scaling wave means simply Stretching

(or Shrinking) it

Shifting

f (t) f(t-k)

Secure IT - 2005

wavelets continue
Wavelets Continue
  • Wavelets are basis functions in continuous time
  • A basis is a set of linearly independent function that can be used to produce a function f(t)
  • f(t) = combination of basis function =
  • is constructed from a single mother wave w(t) -- normally it is a small wave-- it start at 0 and ends at t=N
  • Shrunken ( scaled)
  • shifted
  • A typical wavelet compressed j times and shifted k times is
  • Property:- Remarkable property is orthogonality i.e. their inner-products are zero
  • This leads to a simple formula for bjk

Secure IT - 2005

slide39
Haar Transform
    • Digitized sound, image are discrete.  we need discrete wavelet
    • where ck and dj,k are coefficients to be calculated
    • example:- consider the array of 8 values (1,2,3,4,5,6,7,8)
    • 4 average values 4 difference ( detail coefficients)
    • calculate average, and difference for 4 averages
    • continue this way
    • Method is called PYRAMID DECOMPOSITION
  • Haar transform depends on coeff ½, ½ and ½, - ½
  • if we replace 2 by √2 then it is called coarse detail and fine detail

Secure IT - 2005

transforms
Transforms
  • Transform of a signal is a new representation of that signal
  • Example:- signal x0,x1,x2,x3 define y0,y1,y2,y3
  • Questions
    • 1. What is the purpose of y's
    • 2. Can we get back x's
  • Answer for 2: The Transform is invertible-- perfect reconstruction
  • Divide Transform in to 3 groups
    • 1. Lossless( Orthogonal)-- Transformed Signal has the same length
    • 2. Invertible (bi-orthogonal)-- length and angle may change-- no information lost
    • 3. Lossy ( Not invertible)--

Secure IT - 2005

answer to q1 purpose
Answer to Q1: Purpose
  • IT SEES LARGE vs SMALL
  • X0=1.2, X1= 1.0, x2=-1.0, x3=-1.2
  • Y=[2.2 0 -2.2 0]
  • Key idea for wavelets is the concept of " SCALE"
  • We can take sum and difference again==> recursion => Multiresolution
  • Main idea of Wavelet analysis– analyze a function at different scales– mother wavelet use to construct wavelet in different scale and translate each relative to the function being analyzed
  • Z=[ 0 0 4.4 0 ]
  • Reconstruct =====>compression 4:1

Secure IT - 2005

slide49
Real electricity consumption
  • peak in the center, followed by two drops, shallow drop, and then a considerably weaker peak
  • d1 d2 shows the noise
  • d3– presents high value in the beginning and at the end of the main peak, thus allowing us to locate the corresponding peak
  • d4 shows 3 successive peak– this fits the shape of the curve remarkably
  • a1,a2 strong resemblance
  • a3 reasonable---- a4 lost lots of information

Secure IT - 2005

slide54
JPEG (Joint Photographic Experts Group)
  • 1. Color images ( RGB) change into luminance, chrominance, color space
  • 2. color images are down sampled by creating low resolution pixels – not luminance part– horizontally and vertically, ( 2:1 or 2:1, 1:1)– 1/3 +(2/3)*(1/4)= ½ size of original size
  • 3. group 8x8 pixels called data sets– if not multiple of 8– bottom row and right col are duplicated
  • 4. apply DCT for each data set– 64 coefficients
  • 5. each of 64 frequency components in a data unit is divided by a separate number called quantization coefficients (QC) and then rounded into integer
  • 6. QC encode using RLE, Huffman encoding, Arithmetic Encoding ( QM coder)
  • 7. Add Headers, parameters, and output the result
      • interchangeable format= compressed data + all tables need for decoder
      • abbreviated format= compressed data+ not tables ( few tables)
      • abbreviated format =just tables + no compressed data
  • DECODER DO THE REVERSE OF THE ABOVE STEPS

Secure IT - 2005

slide55
JPEG 2000 or JPEG Y2k
  • divide into 3 colors
  • each color is partitioned into rectangular, non-overlapping regions called tiles– that are compressed individually
  • A tile is compressed into 4 main steps
    • 1. compute wavelet transform – sub band of wavelets– integer, fp,---L+1 levels, L is the parameter determined by the encoder
    • 2. wavelet coeff are quantized, -- depends on bit rate
    • 3. use arithmetic encoder for wavelet coefficients
    • 4. construct bit stream– do certain region, no order
  • Bit streams are organized into layers, each layer contains higher resolution image information
  • thus decoding layer by layer is a natural way to achieve progressive image transformation and decompression

Secure IT - 2005

slide58

A

H

D

V

Secure IT - 2005

lowpass filter moving average
Lowpass Filter = Moving Average
  • y(n)= x(n)/2 + x(n-1)/2 here h(0)=1/2 and h(1)=1/2
  • Fits standard form for k=0,1 x= unit impulse
  • x=(...0 0 0 0 1 0 0 0...) then y=(...0 0 1/2 1/2 0 0..)
  • average filter= 1/2 (identity) + 1/2 (delay)
  • Every linear operator acting on a single vector x can be rep by y=Hx
  • main diagonal come from identity--subdiagonal come from delay
  • we have finite (two) coefficients--> FIR finite impulse response
  • low pass==> scaling function
  • It smooth out bumps in the signal(high freq component

Secure IT - 2005

highpass filter moving difference
Highpass Filter Moving Difference
  • y(n)= 1/2[x(n)-x(n-1)]
  • h(0)=1/2
  • h(1)=-1/2
  • y=H1x
  • Filter Bank === Lowpass and Highpass
  • they separate the signal into frequency bank
  • Problem:-- Signal length doubled,
  • both are same size as signal ==> gives double size of the original signal
  • Solution:-- Down Sampling

Secure IT - 2005

down sampling
Down Sampling
  • We can keep half of Ho and H1 and still recover x
  • Save only even-numbered components ( delete odd numbered elements) -- denoted by (↓2)-- decimation
  • (↓2)y = (... y(-4) y(-2)y(0)y(2).......)
  • Filtering + Down sampling ==> Analysis Bank ( brings half size signal)
  • Inverse of this process==> Synthesis bank
  • i,e, Up sampling + Filtering
  • Add even numbered components zeros ( It will bring full size) denoted by (↑2)
  • y = (↓2 y)= (↑2)(↓2 y)

Secure IT - 2005

scaling function and wavelets
Scaling function and Wavelets
  • corresponding to low pass--> there is scaling function
  • corresponding to high pass--> there is wavelet function
  • dilation equation--> scaling function
  • In terms of original low pass filters
  • we have
  • for h(0) and h(1) = 1/2 we have
  • the graph compressed by 2 gives and shifted by 1/2 gives
  • By similar way the wavelet equation

Secure IT - 2005

wavelet packet
Wavelet Packet
  • Walsh-Hadamard transform-- complete binary tree --> wavelet packet
  • "Hadamard matrix"==> all entries are 1 and -1 and all rows are orthogonal-- divide two time by sqrt(2)==> orthogonal & symmetric
  • Compare with wavelet-- computations

sums z0=0

sums y0 and y2

difference z2=4.4

x

sums z1=0.4

difference y1 and y3

difference z3=0

Secure IT - 2005

filters and filter banks
Filters and Filter Banks
  • Filter is a linear time-invariant operator
  • It acts on input vector x --- Out put vector y is the convolution of x with a fixed vector h
  • h--> contains filter coefficients-- our filters are digital not analog-- h(n) are discrete time t= nT,
  • T is sampling period assume it is 1 here
  • x(n) and y(n) comes all the time t= 0, +_ 1....
  • y(n) = Σh(k) x(n-k) = convolution h* x in the time domain
  • Filter Bank= Set of all filters
  • Convolution by hand--- arrange it as ordinary multiplication -- but don't carry digits from one column to another
  • x= 3 2 4 h= 1 5 2
  • x * h = 3 17 20 24 8

Secure IT - 2005

our network topology
Our Network Topology:
  • We set up a star topology network;
    • Four computers in an island
    • Each running Linux RedHat 9.2
    • The machines are connected by a switch
    • The switch is connected to a PIX 515E Firewall
    • 3Com Ethernet Hub sits between the switch and the firewall
      • For Sniffing and capturing packets
  • We duplicated this island six times and connected them with routers.
  • We then connected the islands, via the routers, to a central Cisco switch.
  • For simulation purposes, we installed Windows XP on one machine in island one.

Secure IT - 2005

data collection
DataCollection:
  • We generated packets with a Perl script on a Linux system.
  • We used the three most common protocols for our simulation:
    • HTTP, FTP, and SMTP.
  • For each protocol:
    • We generated a constant traffic;
    • We created 50 datasets each consisting of the number of packets transmitted over two minute intervals.
    • We executed the same traffic scripts with a random pause between 0 and 60 seconds.
    • We then rerun the traffic between 0 and 15 seconds to create additional datasets.
  • We collected all the 150 datasets by Ethereal for further analysis.

Secure IT - 2005

results figure 1
Results: Figure 1

Secure IT - 2005

figure 2
Figure 2

Secure IT - 2005

figure 3
Figure 3

Secure IT - 2005

figure 4
Figure 4

Secure IT - 2005

figure 5
Figure 5

Secure IT - 2005

figure 6
Figure 6

Secure IT - 2005

conclusion future direction
Conclusion & Future Direction
  • We have presented:
    • A wavelet based – framework for network monitoring
    • This is our first phase for the development of an engine for Network Intrusion Analysis
    • This will not depend on databases and thus will minimize false negatives and false positives

Secure IT - 2005

references
References
  • [1] K. Ilgun, A real-time intrusion detection system for UNIX, IEEE Symp. On Security and Privacy, 1993.
  • [2] P.Porras & R. Kemmerer, Penetration State Transition Analysis- A Rule Based Intrusion Detection Approach, Computer Security Applications Conference, 1992
  • [3]http://enterprisesecurity.symantec.com/content/ productlink.cfm
  • [4] http://newsroom.cisco.com/dlls/fspnisapi32b3.html
  • [5] http://www.iss.net
  • [6] A.Haar. Zur Theorie der orthogonalen Funktionensysteme. Mathematische Annalen, 69:331-371, 1910. Also in PhD thesis.
  • [7]A. Grossmann and J. Morlet, Decomposition of Hardy functions into square integrable wavelets of constant shape, SIAM J. Math. Phys., 15 (1984), pp 723-736.
  • [8] Y.Meyer. Ondeletted et operatrurs, Tome 1, Hermann Ed., 1990

Secure IT - 2005

references1
References
  • [9] S. Mallat. A theory for multiresolution signal decomposition: the wavelet representation. IEEE Transactions on pattern recognition and Machine Intelligence, 11(7):674-693, July 1989.
  • [10]I. Daubechies, Ten Lectures on Wavelets, no 61 in CBMS-NSF Series in Applied Mathematics, SIAM, Philadelphia, 1992
  • [11]R. R. Coifman, A real variable characterization of Hp, Studia Math, 51 (1974).
  • [12] R. R. Coifman, Y. Meyer, S. Quake, and M.V. Wickerhauser, Signal Processing and compression with wave packets, in Proceedings of the International Conference on Wavelets, Marseilles, 1989, Y. Meyer, ed., Masson, Paris.
  • [13]S. Ezekiel, Low-dimensional chaotic signal characterization using approximate entropy, 3rd IASTED International Conference Circuits, Signals, and Systems Cancun, May, 2003
  • [14] S. Ezekiel, Heart Rate Variability Signal Processing by Using Wavelet Based Multifractal Analysis, IASTED International Conference, Digital Signal Processing and Control, USA, May , 2001
  • [15]C.E.Shannon "A Mathematical Theory of Communication", Bell Syst. Tech. J., 27,379-423, 623-56.

Secure IT - 2005