This article introduces a novel anomaly detection method that uses only matrix operations and is highly sensitive to randomness in traffic. This sensitivity can be leveraged to detect attacks that exhibit randomness in traffic characteristics, such as denial-of-service attacks and worms. In particular, we show that the method can be used to warn of the imminent onset of a worm epidemic in a statistically sound manner, irrespective of the worm's scanning strategies.