Entropy-based network anomaly detection

Anomaly-based intrusion detection is a key research topic in network security because of its ability to cope with unknown attacks and new security threats. In this paper we propose a novel intrusion detection system that performs anomaly detection by studying the variation of the entropy associated with the network traffic. To this end, the traffic is first aggregated by means of random data structures (namely three-dimensional reversible sketches), and then the entropy of different traffic descriptors is computed using several definitions of entropy. The experimental results obtained over the MAWILab dataset validate the system and demonstrate the effectiveness of our proposal.
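As an added illustration of the pipeline the abstract describes (example code, not the paper's own implementation), the following Python block aggregates each time bin's flows into a D x W count sketch keyed by a traffic descriptor, computes Shannon, Rényi and Tsallis entropy per sketch row, and flags a bin whose entropy departs from a baseline bin. SHA-256 bucket hashing, a plain (non-reversible) sketch, the constructed flow bins and the fixed deviation threshold are simplifying assumptions of this example.

```python
import hashlib
import math

D, W = 3, 16  # sketch rows (independent hash functions) x columns (buckets)

def _bucket(key, row):
    """Bucket index of `key` under hash function `row` (SHA-256 stands in for universal hashing)."""
    digest = hashlib.sha256(f"{row}:{key}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % W

def sketch(flows, descriptor):
    """Aggregate one time bin into a D x W packet-count sketch keyed by `descriptor`."""
    table = [[0] * W for _ in range(D)]
    for flow in flows:
        for row in range(D):
            table[row][_bucket(flow[descriptor], row)] += flow["pkts"]
    return table

def _probs(row):
    total = sum(row)
    return [c / total for c in row if c > 0]

def shannon(row):
    return -sum(p * math.log2(p) for p in _probs(row))

def renyi(row, alpha=2.0):
    # alpha != 1; Shannon entropy is the alpha -> 1 limit
    return math.log2(sum(p ** alpha for p in _probs(row))) / (1 - alpha)

def tsallis(row, q=2.0):
    # q != 1; non-extensive entropy, q -> 1 recovers Shannon entropy in nats
    return (1 - sum(p ** q for p in _probs(row))) / (q - 1)

def entropy_vector(table, fn):
    """One entropy value per sketch row, i.e. per independent hashed view of the traffic."""
    return [fn(row) for row in table]

def is_anomalous(baseline, current, fn=shannon, threshold=0.5):
    """Flag the bin when every row's entropy deviates from the baseline by more than `threshold`."""
    pairs = zip(entropy_vector(baseline, fn), entropy_vector(current, fn))
    return all(abs(b - c) > threshold for b, c in pairs)

# Constructed sample bins: flows described by destination IP and packet count
BASELINE = [{"dst": f"10.0.0.{i}", "pkts": 10} for i in range(8)]
NORMAL = [{"dst": f"10.0.0.{i}", "pkts": 9 + i % 4} for i in range(8)]
FLOOD = BASELINE + [{"dst": "10.0.0.3", "pkts": 1000}]  # one target absorbs the traffic

if __name__ == "__main__":
    base = sketch(BASELINE, "dst")
    for name, flows in (("normal", NORMAL), ("flood", FLOOD)):
        cur = sketch(flows, "dst")
        print(name, [round(h, 3) for h in entropy_vector(cur, shannon)], is_anomalous(base, cur))
```

The flood bin concentrates the destination-IP distribution into one bucket in every row, so its entropy collapses relative to the baseline, while the slightly perturbed normal bin stays within the threshold.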
