Abstract
Recently, entropy measures have shown significant promise in detecting a diverse set of network anomalies. While many different forms of entropy exist, only a few have been studied in the context of network anomaly detection. In this paper, the results of our case study on entropy-based IP traffic anomaly detection are presented. Besides the well-known Shannon approach and counter-based methods, variants of the Tsallis and Renyi entropies combined with a set of feature distributions were employed, and their performance was studied using a number of representative attack traces. The results suggest that parameterized entropies with a set of correctly selected feature distributions perform better than the traditional approach based on the Shannon entropy and counter-based methods.
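To make the approach in the abstract concrete, the following added example (written for this page, not code from the paper or its authors) computes Shannon, Renyi and Tsallis entropies over per-window feature distributions (source address, destination address, destination port) of flow records and compares each window against a baseline. The flow records, the feature names, the parameter values (alpha = 2, q = 2) and the deviation threshold are all assumptions constructed for illustration; the paper does not specify them.

```python
"""Added example: parameterized entropies over traffic feature distributions.
Flow records, features, parameters and thresholds below are constructed
assumptions, not the paper's data or method."""
import math
from collections import Counter


def distribution(values):
    """Empirical probability distribution of one feature's values in a window."""
    counts = Counter(values)
    total = sum(counts.values())
    return [c / total for c in counts.values()]


def shannon(p):
    """Shannon entropy in bits."""
    return -sum(x * math.log2(x) for x in p if x > 0)


def renyi(p, alpha):
    """Renyi entropy of order alpha (bits); alpha = 1 is the Shannon limit."""
    if alpha == 1.0:
        return shannon(p)
    return math.log2(sum(x ** alpha for x in p)) / (1.0 - alpha)


def tsallis(p, q):
    """Tsallis entropy of order q; q = 1 is the Shannon limit (natural log)."""
    if q == 1.0:
        return -sum(x * math.log(x) for x in p if x > 0)
    return (1.0 - sum(x ** q for x in p)) / (q - 1.0)


def make_baseline_window(seed):
    """Constructed baseline window: 10 clients, each with two flows to
    web servers 192.0.2.1-5 on ports 80/443 (assumed, not captured traffic)."""
    flows = []
    for i in range(10):
        for j in range(2):
            flows.append({"src": f"10.0.0.{i + 1}",
                          "dst": f"192.0.2.{(i + j + seed) % 5 + 1}",
                          "dport": 80 if (i + j) % 2 == 0 else 443})
    return flows


def make_anomalous_window():
    """Constructed anomaly: baseline traffic plus one host contacting one
    server on 40 distinct ports, which concentrates the src/dst distributions
    and spreads the dport distribution."""
    flows = make_baseline_window(0)
    for port in range(1000, 1040):
        flows.append({"src": "10.0.0.99", "dst": "192.0.2.1", "dport": port})
    return flows


def detect(baseline_windows, window, features, entropy, k=3.0, floor=0.25):
    """Flag every feature whose entropy in `window` deviates from the baseline
    mean by more than k standard deviations. `floor` (in the chosen entropy's
    own units, assumed here) keeps a constant baseline from flagging noise."""
    flagged = []
    for feature in features:
        history = [entropy(distribution([f[feature] for f in w])) for w in baseline_windows]
        mean = sum(history) / len(history)
        std = math.sqrt(sum((h - mean) ** 2 for h in history) / len(history))
        current = entropy(distribution([f[feature] for f in window]))
        if abs(current - mean) > max(k * std, floor):
            flagged.append(feature)
    return flagged


FEATURES = ("src", "dst", "dport")
BASELINE = [make_baseline_window(s) for s in range(5)]


def run_all():
    """Apply the three entropy variants to the constructed anomalous window."""
    window = make_anomalous_window()
    return {
        "shannon": detect(BASELINE, window, FEATURES, shannon),
        "renyi_2": detect(BASELINE, window, FEATURES, lambda p: renyi(p, 2.0)),
        "tsallis_2": detect(BASELINE, window, FEATURES, lambda p: tsallis(p, 2.0)),
    }


if __name__ == "__main__":
    for name, flagged in run_all().items():
        print(f"{name}: flagged features {flagged}")
```

In practice the baseline would be built from sliding windows of real flow exports rather than five identical constructed windows, and the threshold and parameter values would be tuned per feature; the point of the parameterized forms is that alpha and q let the analyst weight the dominant or the rare values of a distribution differently from the Shannon case.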
© 2014 Springer International Publishing Switzerland
Bereziński, P., Pawelec, J., Małowidzki, M., Piotrowski, R. (2014). Entropy-Based Internet Traffic Anomaly Detection: A Case Study. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Proceedings of the Ninth International Conference on Dependability and Complex Systems DepCoS-RELCOMEX. June 30 – July 4, 2014, Brunów, Poland. Advances in Intelligent Systems and Computing, vol 286. Springer, Cham. https://doi.org/10.1007/978-3-319-07013-1_5
DOI: https://doi.org/10.1007/978-3-319-07013-1_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07012-4
Online ISBN: 978-3-319-07013-1