
A Novel Bivariate Entropy-Based Network Anomaly Detection System

  • Conference paper
  • Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2017)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 10658)

Abstract

Detecting anomalous traffic with a low false alarm rate is of primary interest in IP network management. The complexity of the most recent network attacks, as well as the literature, suggests that observing a single traffic descriptor can be insufficient to detect the wide range of network attacks present in today's Internet.

For this reason, in this paper we investigate a novel anomaly detection system that detects traffic anomalies by estimating the joint entropy of different traffic descriptors. The presented system is evaluated over the MAWILab traffic traces, a well-known dataset of real traffic captured on a backbone network.
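The following added example illustrates the idea behind the abstract (per-time-bin joint entropy of two traffic descriptors, compared against a baseline); it is not the paper's code or its decision rule. The flow records, the (src_ip, dst_port) descriptor pair and the mean-plus-k-standard-deviations threshold are all assumptions made here for illustration.

```python
import math
from collections import Counter

# Constructed NetFlow-like records (time_bin, src_ip, dst_port); not MAWILab data.
FLOWS = [
    # bin 0: diverse client/service mix, every (src, port) pair distinct
    (0, "10.0.0.1", 443), (0, "10.0.0.2", 80), (0, "10.0.0.3", 443), (0, "10.0.0.4", 22),
    (0, "10.0.0.5", 80), (0, "10.0.0.6", 53), (0, "10.0.0.7", 443), (0, "10.0.0.8", 8080),
    # bin 1: same mix, one client repeats a connection
    (1, "10.0.0.1", 443), (1, "10.0.0.2", 80), (1, "10.0.0.3", 443), (1, "10.0.0.4", 22),
    (1, "10.0.0.5", 80), (1, "10.0.0.6", 53), (1, "10.0.0.7", 443), (1, "10.0.0.1", 443),
    # bin 2: one source hammers one service while the flow count stays the same
    (2, "10.0.0.9", 443), (2, "10.0.0.9", 443), (2, "10.0.0.9", 443), (2, "10.0.0.9", 443),
    (2, "10.0.0.9", 443), (2, "10.0.0.9", 443), (2, "10.0.0.2", 80), (2, "10.0.0.6", 53),
]


def shannon_entropy(symbols):
    """Shannon entropy in bits of the empirical distribution of `symbols`."""
    counts = Counter(symbols)
    n = sum(counts.values())
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def entropy_per_bin(flows, fields):
    """Entropy, per time bin, of the joint distribution over the record fields in `fields`.

    fields=(1, 2) gives the bivariate (src_ip, dst_port) entropy; fields=(2,) the
    univariate dst_port entropy, so the two can be compared on the same bins."""
    by_bin = {}
    for rec in flows:
        by_bin.setdefault(rec[0], []).append(tuple(rec[i] for i in fields))
    return {b: shannon_entropy(syms) for b, syms in sorted(by_bin.items())}


def detect(series, train_bins, k=3.0):
    """Flag non-training bins whose entropy deviates from the training mean by more
    than k population standard deviations (an assumed rule, not the paper's)."""
    train = [series[b] for b in train_bins]
    mean = sum(train) / len(train)
    std = math.sqrt(sum((h - mean) ** 2 for h in train) / len(train))
    return [b for b, h in series.items() if b not in train_bins and abs(h - mean) > k * std]


if __name__ == "__main__":
    joint = entropy_per_bin(FLOWS, fields=(1, 2))
    ports = entropy_per_bin(FLOWS, fields=(2,))
    for b in joint:
        print(f"bin {b}: H(src,port)={joint[b]:.3f} bits  H(port)={ports[b]:.3f} bits")
    print("anomalous bins (joint entropy):", detect(joint, train_bins=[0, 1]))
```

With these constructed bins the joint entropy is 3.0 and 2.75 bits in the two baseline bins and drops to about 1.06 bits when one source-port pair dominates, which the threshold flags.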



Acknowledgment

This work was partially supported by Multitech SeCurity system for intercOnnected space control groUnd staTions (SCOUT), a research project supported by the FP7 programme of the European Community.

Corresponding author

Correspondence to Christian Callegari.


Copyright information

© 2017 Springer International Publishing AG

About this paper


Cite this paper

Callegari, C., Pagano, M. (2017). A Novel Bivariate Entropy-Based Network Anomaly Detection System. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science, vol 10658. Springer, Cham. https://doi.org/10.1007/978-3-319-72395-2_17

  • DOI: https://doi.org/10.1007/978-3-319-72395-2_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72394-5

  • Online ISBN: 978-3-319-72395-2

  • eBook Packages: Computer Science (R0)
