论文信息 - Network anomaly detection using nonextensive entropy

Network anomaly detection using nonextensive entropy

Detection is a crucial step towards efficiently diagnosing network traffic anomalies within an autonomous system (AS). We propose the adoption of nonextensive entropy - a one-parameter generalization of Shannon entropy - to detect anomalies in network traffic within an AS. Experimental results show that our approach based on nonextensive entropy outperforms previous ones based on classical entropy while providing enhanced flexibility, which is enabled by the possibility of fine-tuning the sensitivity of the detection mechanism.

Artur Ziviani | Antônio Tadeu A. Gomes | Paulo S. S. Rodrigues | Marcelo L. Monsores

[1] C. Tsallis. Possible generalization of Boltzmann-Gibbs statistics , 1988 .

[2] Matthew Roughan,et al. IP forwarding anomalies and improving their detection using multiple data sources , 2004, NetT '04.

[3] Stefan Savage,et al. Inferring Internet denial-of-service activity , 2001, TOCS.

[4] E. Jaynes. Information Theory and Statistical Mechanics , 1957 .

[5] Jung-Min Park,et al. An overview of anomaly detection techniques: Existing solutions and latest technological trends , 2007, Comput. Networks.

[6] Donald F. Towsley,et al. Detecting anomalies in network traffic using maximum entropy estimation , 2005, IMC '05.

[7] Juan E. Tapiador,et al. Anomaly detection methods in wired networks: a survey and taxonomy , 2004, Comput. Commun..

[8] Steve Uhlig,et al. Providing public intradomain traffic matrices to the research community , 2006, CCRV.

[9] Sang Joon Kim,et al. A Mathematical Theory of Communication , 2006 .

[10] Ramesh Govindan,et al. Detection and identification of network anomalies using sketch subspaces , 2006, IMC '06.

[11] Christophe Diot,et al. Diagnosing network-wide traffic anomalies , 2004, SIGCOMM.

[12] Mark Crovella,et al. Mining anomalies using traffic feature distributions , 2005, SIGCOMM '05.