CUSUM-based and entropy-based network anomaly detection: An experimental comparison
The impressive growth of the Internet and the ever-increasing number of sensitive services, together with the unawareness among a significant number of end users of the risks deriving from information sharing on the net, pose serious security concerns. In such a scenario, network anomaly detection, thanks to its ability to face unknown attacks and new security threats, has attracted many research efforts in the last decade, and many different methods and approaches have been proposed. In this paper we present an extensive performance comparison between two of the most promising anomaly detection methods (namely CUSUM-based and entropy-based) when applied to real backbone network traffic traces. The experimental results demonstrate that the effectiveness of the considered methods is strongly influenced by the considered traffic descriptors.