Data streaming algorithms for estimating entropy of network traffic
SIGMETRICS '06/Performance '06 Proceedings of the joint international conference on Measurement and modeling of computer systems
Impact of packet sampling on anomaly detection metrics
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Using performance signatures and software rejuvenation for worm mitigation in tactical MANETs
WOSP '07 Proceedings of the 6th international workshop on Software and performance
Estimating entropy over data streams
ESA'06 Proceedings of the 14th conference on Annual European Symposium - Volume 14
A near-optimal algorithm for computing the entropy of a stream
SODA '07 Proceedings of the eighteenth annual ACM-SIAM symposium on Discrete algorithms
A data streaming algorithm for estimating entropies of od flows
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
An empirical evaluation of entropy-based traffic anomaly detection
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
The risk-utility tradeoff for IP address truncation
Proceedings of the 1st ACM workshop on Network data anonymization
A Novel Worm Detection Model Based on Host Packet Behavior Ranking
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
FLAME: a flow-level anomaly modeling engine
CSET'08 Proceedings of the conference on Cyber security experimentation and test
Behavioural Characterization for Network Anomaly Detection
Transactions on Computational Science IV
Beyond Shannon: Characterizing Internet Traffic with Generalized Entropy Metrics
PAM '09 Proceedings of the 10th International Conference on Passive and Active Network Measurement
Scan Surveillance in Internet Networks
NETWORKING '09 Proceedings of the 8th International IFIP-TC 6 Networking Conference
Sublinear estimation of entropy and information distances
ACM Transactions on Algorithms (TALG)
Anomaly extraction in backbone networks using association rules
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Detecting anomalies in network traffic using the method of remaining elements
IEEE Communications Letters
Effective discovery of attacks using entropy of packet dynamics
IEEE Network: The Magazine of Global Internetworking
A near-optimal algorithm for estimating the entropy of a stream
ACM Transactions on Algorithms (TALG)
Predictive network anomaly detection and visualization
IEEE Transactions on Information Forensics and Security
Measurement data reduction through variation rate metering
INFOCOM'10 Proceedings of the 29th conference on Information communications
Network prefix-level traffic profiling: Characterizing, modeling, and evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking
Toward worm detection in online social networks
Proceedings of the 26th Annual Computer Security Applications Conference
NETWORKING'11 Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part I
Accurate network anomaly classification with generalized entropy metrics
Computer Networks: The International Journal of Computer and Telecommunications Networking
An entropy based approach for sense-through foliage target detection using UWB radar
WASA'11 Proceedings of the 6th international conference on Wireless algorithms, systems, and applications
Parametric methods for anomaly detection in aggregate traffic
IEEE/ACM Transactions on Networking (TON)
On detecting abrupt changes in network entropy time series
CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
Towards a universal sketch for origin-destination network measurements
NPC'11 Proceedings of the 8th IFIP international conference on Network and parallel computing
Estimating entropy and entropy norm on data streams
STACS'06 Proceedings of the 23rd Annual conference on Theoretical Aspects of Computer Science
A fast worm scan detection tool for VPN congestion avoidance
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Flow-level traffic analysis of the blaster and sobig worm outbreaks in an internet backbone
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
NetStage/DPR: A self-reconfiguring platform for active and passive network security operations
Microprocessors & Microsystems
Anomaly extraction in backbone networks using association rules
IEEE/ACM Transactions on Networking (TON)
Characterizing per-application network traffic using entropy
ACM Transactions on Modeling and Computer Simulation (TOMACS)
Beehive: large-scale log analysis for detecting suspicious activity in enterprise networks
Proceedings of the 29th Annual Computer Security Applications Conference
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
Detecting massive network events like worm outbreaks in fast IP networks, such as Internet backbones, is hard. One problem is that the amount of traffic data does not allow real-time analysis of details. Another problem is that the specific characteristics of these events are not known in advance. There is a need for analysis methods that are real-time capable and can handle large amounts of traffic data. We have developed an entropy-based approach, that determines and reports entropy contents of traffic parameters such as IP addresses. Changes in the entropy content indicate a massive network event. We give analyses on two Internet worms as proof-of-concept. While our primary focus is detection of fast worms, our approach should also be able to detect other network events. We discuss implementation alternatives and give benchmark results. We also show that our approach scales very well.