Entropy-Based Anomaly Detection in a Network

Cited by: 0
Authors
Ajay Shankar Shukla
Rohit Maurya
Affiliations
[1] All India Institute of Ayurveda (AIIA),
[2] UBSoft
Source
Wireless Personal Communications | 2018 / Vol. 99
Keywords
Entropy; IDS; Snort;
DOI
Not available
Abstract
Every computer on the Internet these days is a potential target for a new attack at any moment. In this paper we propose a method to enhance network security using entropy-based anomaly detection. The intrusion detection system Snort is used to collect the complete network traffic. The Snort alerts are then processed to select the attributes. Shannon entropies are then calculated to analyze source IP address, source port address, destination IP address, destination port address, source IP threat, source port threat, destination IP threat, destination port threat and datagram length. The Renyi cross entropy method is applied to the Shannon entropy vector to detect network attacks. After an attack is detected in the network, lists of source IP addresses, source port addresses, destination IP addresses and destination port addresses, with the respective number of attacks, are generated for the advance protection of the network. This enables the network administrator to block/unblock the IP addresses and ports where attacks were detected. With this method about 90% of attacks are detected. The remaining 10% of network traffic could not be detected, since some low-priority network traffic is treated as genuine traffic.
Pages: 1487-1501
Page count: 14