The base-rate fallacy and the difficulty of intrusion detection
ACM Transactions on Information and System Security (TISSEC)
A signal analysis of network traffic anomalies
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Information-Theoretic Measures for Anomaly Detection
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Conversation Exchange Dynamics for Real-Time Network Monitoring and Anomaly Detection
IWIA '04 Proceedings of the Second IEEE International Information Assurance Workshop (IWIA'04)
Diagnosing network-wide traffic anomalies
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Aberrant Behavior Detection in Time Series for Network Monitoring
LISA '00 Proceedings of the 14th USENIX conference on System administration
Profiling internet backbone traffic: behavior models and applications
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Mining anomalies using traffic feature distributions
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Entropy Based Worm and Anomaly Detection in Fast IP Networks
WETICE '05 Proceedings of the 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Detecting anomalies in network traffic using maximum entropy estimation
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Statistical techniques for detecting traffic anomalies through packet header data
IEEE/ACM Transactions on Networking (TON)
An empirical evaluation of entropy-based traffic anomaly detection
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
Network anomaly detection and classification via opportunistic sampling
IEEE Network: The Magazine of Global Internetworking - Special issue title on recent developments in network intrusion detection
Probabilistic techniques for intrusion detection based on computer audit data
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Entropy of ATM traffic streams: a tool for estimating QoS parameters
IEEE Journal on Selected Areas in Communications
Hardware Precomputation of Entropy for Anomaly Detection
Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
| Hi-index | 0.00 |
Network-based attacks are so devastating that they have become major threats to network security. Early yet accurate warning of these attacks is critical for both operators and end users. However, neither speed nor accuracy is easy to achieve because both require effective extraction and interpretation of anomalous patterns from overwhelmingly massive, noisy network traffic. The intrusion detection system presented here is designed to assist in diagnosing and identifying network attacks. This IDS is based on the notion of packet dynamics, rather than packet content, as a way to cope with the increasing complexity of attacks. We employ a concept of entropy to measure time-variant packet dynamics and, further, to extrapolate this entropy to detect network attacks. The entropy of network traffic should vary abruptly once the distinct patterns of packet dynamics embedded in attacks appear. The proposed classifier is evaluated by comparing independent statistics derived from five well-known attacks. Our classifier detects those five attacks with high accuracy and does so in a timely manner.