论文信息 - Real time network anomaly detection using relative entropy

Real time network anomaly detection using relative entropy

As the computer networks continue to increase in size, complexity and importance, the network security issue becomes more and more important. In this paper, we propose a real time anomaly detection system based on relative entropy. The proposed system captures the network traffic packets and then uses relative entropy and adaptive filter to dynamically determine the traffic changes and to examine whether the traffic change is normal or contains anomaly. Our experimental results show that the proposed system is efficient for on-line anomaly detection, using traffic trace collected in high-speed links.

[1] Mark Crovella,et al. Characterization of network-wide anomalies in traffic flows , 2004, IMC '04.

[2] Vyas Sekar,et al. An empirical evaluation of entropy-based traffic anomaly detection , 2008, IMC '08.

[3] George Nychis,et al. An Empirical Evaluation of Entropy-based Anomaly Detection , 2007 .

[4] Donald F. Towsley,et al. Detecting anomalies in network traffic using maximum entropy estimation , 2005, IMC '05.

[5] Gary McGraw,et al. Attacking Malicious Code: A Report to the Infosec Research Council , 2000, IEEE Software.

[6] Aaron Beach,et al. Network Traffic Anomaly Detection and Characterization , 2004 .

[7] Bernhard Plattner,et al. Entropy based worm and anomaly detection in fast IP networks , 2005, 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05).

[8] L. M. Adleman,et al. An abstract theory of computer viruses (invited talk) , 1990, CRYPTO 1990.

[9] Peter Szor,et al. The Art of Computer Virus Research and Defense , 2005 .

[10] Mark Crovella,et al. Mining anomalies using traffic feature distributions , 2005, SIGCOMM '05.

[11] Éric Filiol. Computer Viruses: from Theory to Applications , 2005 .