Denial of Service (DoS) attacks pose a severe threat to the Internet. Entropy-based methods have been successfully used to detect specific types of malicious traffic. This paper presents a novel dynamic entropy-based model for the detection of DoS attacks. Based on the theory of alive communication, the dynamic entropy model is constructed by combining information entropy with the feature of netflow conversation correlation. This is the first application of the theory of alive communication to network anomaly detection. To evaluate the performance of the dynamic entropy model, we compare it with the traditional information entropy model. The experimental results demonstrate the presence of dynamic entropy in traffic and show that the dynamic entropy remains stable under normal traffic. By contrast, it fluctuates significantly when the network is subjected to DoS attacks. Moreover, the detection rate of the dynamic entropy-based model is higher, and the model can detect unknown DoS attacks effectively.