On Detecting Abrupt Changes in Network Entropy Time Series

Abstract: In recent years, much research focused on entropy as a metric describing the “chaos” inherent to network traffic. In particular, network entropy time series turned out to be a scalable technique to detect unexpected behavior in network traffic. In this paper, we propose an algorithm capable of detecting abrupt changes in network entropy time series. Abrupt changes indicate that the underlying frequency distribution of network traffic has changed significantly. Empirical evidence suggests that abrupt changes are often caused by malicious activity such as (D)DoS, network scans and worm activity, just to name a few. Our experiments indicate that the proposed algorithm is able to reliably identify significant changes in network entropy time series. We believe that our approach helps operators of large-scale computer networks in identifying anomalies which are not visible in flow statistics.
Document type:
Conference paper
Bart Decker; Jorn Lapon; Vincent Naessens; Andreas Uhl. 12th Communications and Multimedia Security (CMS), Oct 2011, Ghent, Belgium. Springer, Lecture Notes in Computer Science, LNCS-7025, pp.194-205, 2011, Communications and Multimedia Security. 〈10.1007/978-3-642-24712-5_18〉

Cited literature [16 references]

https://hal.inria.fr/hal-01596209
Contributor: Hal Ifip
Submitted on: Wednesday, September 27, 2017 - 13:50:34
Last modified on: Wednesday, September 27, 2017 - 13:51:50
Document(s) archived on: Thursday, December 28, 2017 - 13:52:41

File

978-3-642-24712-5_18_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Philipp Winter, Harald Lampesberger, Markus Zeilinger, Eckehard Hermann. On Detecting Abrupt Changes in Network Entropy Time Series. Bart Decker; Jorn Lapon; Vincent Naessens; Andreas Uhl. 12th Communications and Multimedia Security (CMS), Oct 2011, Ghent, Belgium. Springer, Lecture Notes in Computer Science, LNCS-7025, pp.194-205, 2011, Communications and Multimedia Security. 〈10.1007/978-3-642-24712-5_18〉. 〈hal-01596209〉

Metrics

Record views

71

File downloads

28