In this paper, we present a router-based system that identifies worm attacks by computing entropy values of selected packet attributes. During a training phase, we first compute a profile of entropy values for the selected packet attributes. After the training phase, Chebyshev's inequality is used to calculate the normal bound of the entropy value with a low probability of a false positive. The detector compares new data against the bound and generates an alert when the new input exceeds the normal bound. Detection accuracy and performance are analyzed using live traffic traces. The results indicate that this approach can be effective against current worm attacks.
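
The train-then-bound procedure described in the abstract, as an added sketch that is not code from the paper. The choice of destination address as the packet attribute, the 64-packet window, the two-sided bound, all function names and the sample traffic are assumptions made for illustration.

```python
import math
from collections import Counter
from statistics import mean, pstdev

def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    counts = Counter(values)
    total = len(values)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())

def chebyshev_bound(training_entropies, max_fp_prob):
    """Normal range (lo, hi) with P(entropy outside range) <= max_fp_prob.

    Chebyshev: P(|H - mu| >= k*sigma) <= 1/k^2, so k = 1/sqrt(max_fp_prob).
    No assumption is made about the shape of the entropy distribution.
    """
    mu = mean(training_entropies)
    sigma = pstdev(training_entropies)
    k = 1.0 / math.sqrt(max_fp_prob)
    return mu - k * sigma, mu + k * sigma

def is_anomalous(window_values, bound):
    """Return (alert, entropy) for one window of attribute values."""
    lo, hi = bound
    h = shannon_entropy(window_values)
    return (h < lo or h > hi), h

def make_window(shift):
    """Constructed sample: 64 packets to 8 servers, with `shift` packets
    moved from the last server to the first to vary the skew."""
    counts = [8] * 8
    counts[0] += shift
    counts[7] -= shift
    return [f"10.0.0.{j}" for j, c in enumerate(counts) for _ in range(c)]

# Training phase: entropy profile over constructed normal windows.
TRAINING = [make_window(m) for m in range(5)]
BOUND = chebyshev_bound([shannon_entropy(w) for w in TRAINING], max_fp_prob=0.01)

# Constructed window in which every packet goes to a different destination,
# the address dispersion associated with random-scanning worms.
SCAN_WINDOW = [f"192.0.2.{n}" for n in range(64)]

if __name__ == "__main__":
    print("normal bound:", BOUND)
    print("normal window:", is_anomalous(make_window(2), BOUND))
    print("scan window:", is_anomalous(SCAN_WINDOW, BOUND))
```

With a 1% false-positive target the multiplier is k = 10, which is why Chebyshev bounds are wide: they trade sensitivity for a guarantee that holds without knowing the entropy distribution.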