
Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 286))

Abstract

Recently, entropy measures have shown significant promise in detecting a diverse set of network anomalies. While many different forms of entropy exist, only a few have been studied in the context of network anomaly detection. In this paper, the results of our case study on entropy-based IP traffic anomaly detection are presented. Besides the well-known Shannon approach and counter-based methods, variants of the Tsallis and Renyi entropies combined with a set of feature distributions were employed, and their performance was studied on a number of representative attack traces. The results suggest that parameterized entropies with a correctly selected set of feature distributions perform better than the traditional approach based on the Shannon entropy and counter-based methods.
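The abstract contrasts Shannon entropy with the parameterized Renyi and Tsallis entropies computed over traffic feature distributions. The following example, added here and not code from the paper or its authors, implements all three measures and applies them per feature (source IP, destination IP, destination port) to two constructed flow windows: a baseline of ordinary client-to-server traffic and a window in which a single host contacts many ports on one server. The flow records, the feature set, the parameter choices alpha = q = 2 and the deviation thresholds are all assumptions made for illustration; a real deployment would derive thresholds from its own baseline.

```python
"""Shannon, Renyi and Tsallis entropies over IP flow feature distributions."""
from collections import Counter
from math import log, log2

# Constructed flow records (src_ip, dst_ip, dst_port); not captured traffic.
# Baseline: twenty clients each talking HTTPS to one server and HTTP to another.
BASELINE_FLOWS = [(f"10.0.1.{i}", "192.0.2.10", 443) for i in range(1, 21)] + [
    (f"10.0.1.{i}", "192.0.2.11", 80) for i in range(1, 21)
]
# Anomalous window: one host contacts forty distinct ports on a single server.
SCAN_FLOWS = [("10.0.1.99", "192.0.2.10", port) for port in range(1, 41)]

# Feature name -> index into the flow tuple (assumed feature set).
FEATURES = {"src_ip": 0, "dst_ip": 1, "dst_port": 2}


def distribution(values):
    """Empirical probability distribution of one feature over a window."""
    counts = Counter(values)
    total = sum(counts.values())
    return [c / total for c in counts.values()]


def shannon(p):
    """Shannon entropy in bits."""
    return -sum(x * log2(x) for x in p if x > 0)


def renyi(p, alpha):
    """Renyi entropy of order alpha in bits; alpha = 1 recovers Shannon."""
    if alpha == 1.0:
        return shannon(p)
    return log2(sum(x ** alpha for x in p)) / (1.0 - alpha)


def tsallis(p, q):
    """Tsallis entropy with nonextensivity parameter q; q = 1 is Shannon in nats."""
    if q == 1.0:
        return -sum(x * log(x) for x in p if x > 0)
    return (1.0 - sum(x ** q for x in p)) / (q - 1.0)


def feature_entropies(flows, alpha=2.0, q=2.0):
    """Return {feature: {measure: value}} for every feature in FEATURES."""
    out = {}
    for name, idx in FEATURES.items():
        p = distribution(f[idx] for f in flows)
        out[name] = {
            "shannon": shannon(p),
            "renyi": renyi(p, alpha),
            "tsallis": tsallis(p, q),
        }
    return out


# Assumed per-measure absolute deviation thresholds. Shannon and Renyi are in
# bits; Tsallis with q = 2 is bounded by 1, so it gets a smaller threshold.
THRESHOLDS = {"shannon": 1.0, "renyi": 1.0, "tsallis": 0.25}


def anomalous_features(baseline, window, alpha=2.0, q=2.0):
    """Compare a window against the baseline window.

    Returns {feature: [measures whose deviation exceeds its threshold]}.
    A feature appears only if at least one measure crossed its threshold,
    so both a rise (port spread) and a drop (single source) are reported.
    """
    base = feature_entropies(baseline, alpha, q)
    obs = feature_entropies(window, alpha, q)
    flagged = {}
    for feature in FEATURES:
        hits = [
            m for m in THRESHOLDS
            if abs(obs[feature][m] - base[feature][m]) > THRESHOLDS[m]
        ]
        if hits:
            flagged[feature] = hits
    return flagged


if __name__ == "__main__":
    for feature, measures in feature_entropies(SCAN_FLOWS).items():
        print(feature, {m: round(v, 3) for m, v in measures.items()})
    print("flagged:", anomalous_features(BASELINE_FLOWS, SCAN_FLOWS))
```

Running the module prints the per-feature entropies of the scan window and the flagged features. In the constructed data the destination-port entropy rises sharply and the source-IP entropy collapses to zero, and all three measures flag both features; the Renyi and Tsallis values differ from Shannon in how strongly they weight the dominant symbols, which is the property the paper exploits when it selects the parameter and the feature set together.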



Corresponding author

Correspondence to Przemysław Bereziński.


Copyright information

© 2014 Springer International Publishing Switzerland


Cite this paper

Bereziński, P., Pawelec, J., Małowidzki, M., Piotrowski, R. (2014). Entropy-Based Internet Traffic Anomaly Detection: A Case Study. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Proceedings of the Ninth International Conference on Dependability and Complex Systems DepCoS-RELCOMEX. June 30 – July 4, 2014, Brunów, Poland. Advances in Intelligent Systems and Computing, vol 286. Springer, Cham. https://doi.org/10.1007/978-3-319-07013-1_5


  • DOI: https://doi.org/10.1007/978-3-319-07013-1_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-07012-4

  • Online ISBN: 978-3-319-07013-1

  • eBook Packages: Engineering (R0)