Published in: Wireless Personal Communications 4/2018

24.01.2018

Entropy-Based Anomaly Detection in a Network

Written by: Ajay Shankar Shukla, Rohit Maurya


Abstract

Every computer on the Internet is today a potential target for a new attack at any moment. In this paper we propose a method to enhance network security using entropy-based anomaly detection. The intrusion detection system Snort is used to collect the complete network traffic, and the Snort alerts are then processed to select the attributes. Shannon entropies are calculated to analyze source IP address, source port, destination IP address, destination port, source IP threat, source port threat, destination IP threat, destination port threat and datagram length. The Renyi cross entropy method is applied to the Shannon entropy vector to detect a network attack. After an attack has been detected, lists of source IP addresses, source ports, destination IP addresses and destination ports with the respective number of attacks are generated for the advance protection of the network. This lets the network administrator block or unblock the IP addresses and ports where attacks were detected. With this method about 90% of attacks are detected; the remaining 10% could not be detected, since some low-priority network traffic is treated as genuine traffic.
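The pipeline the abstract describes, written out as an added worked example in Python (this is not code from the paper or its authors): Snort alerts are parsed for their attributes, each window of alerts is turned into a vector of per-attribute Shannon entropies, and the vector is compared with a baseline window before the addresses and ports behind a flagged window are listed with their alert counts. Several details are assumptions of this example rather than facts from the abstract: the alerts are taken in Snort's alert_fast format (which carries no datagram length, so that attribute and the threat attributes are omitted), "Renyi cross entropy" is realised as the order-alpha Renyi divergence between the two entropy vectors after normalising them to distributions, and the detection threshold of 0.5 bits is a constructed value that would be tuned on attack-free traffic in practice. The alert windows are constructed sample data.

```python
"""Entropy-based anomaly detection over Snort alert_fast lines (added example).

Shannon entropy vector per window -> Renyi divergence against a baseline window ->
list of addresses/ports with alert counts for a flagged window. The alert_fast
format, the divergence used, and the threshold are assumptions of this example.
"""
import math
import re
from collections import Counter
from typing import Dict, List, Tuple

# Snort 2 alert_fast: ts [**] [gid:sid:rev] msg [**] [Classification] [Priority] {proto} src:port -> dst:port
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:[^\]]*\])?\s+\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)
ATTRS = ("src_ip", "src_port", "dst_ip", "dst_port")  # datagram length is not in alert_fast


def parse_fast_alert(line: str) -> Dict[str, str]:
    """Extract the address/port attributes (and priority) from one alert_fast line."""
    m = FAST_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised alert line: {line!r}")
    return {"src_ip": m["src"], "src_port": m["sport"], "dst_ip": m["dst"],
            "dst_port": m["dport"], "priority": m["prio"]}


def shannon_entropy(values: List[str]) -> float:
    """Shannon entropy in bits of the empirical distribution of the values."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def entropy_vector(alerts: List[Dict[str, str]]) -> Tuple[float, ...]:
    """One Shannon entropy per attribute in ATTRS order: the per-window feature vector."""
    return tuple(shannon_entropy([a[k] for a in alerts]) for k in ATTRS)


def renyi_divergence(p: Tuple[float, ...], q: Tuple[float, ...], alpha: float = 2.0) -> float:
    """Renyi divergence D_alpha(P||Q) in bits between two entropy vectors.

    Both vectors are shifted by a tiny epsilon and normalised to sum to one, so a
    zero-entropy attribute (a single source IP, a single destination host) stays finite.
    """
    eps = 1e-9
    ps, qs = [x + eps for x in p], [x + eps for x in q]
    sp, sq = sum(ps), sum(qs)
    ps, qs = [x / sp for x in ps], [x / sq for x in qs]
    s = sum(pi ** alpha * qi ** (1 - alpha) for pi, qi in zip(ps, qs))
    return math.log2(s) / (alpha - 1)


def analyse(lines: List[str], baseline_lines: List[str],
            threshold: float = 0.5, alpha: float = 2.0) -> dict:
    """Flag a window whose entropy vector diverges from the baseline by more than threshold.

    The threshold is a constructed value for this example (tuned on attack-free traffic in
    practice). A flagged window also carries the most frequent addresses and ports with
    their alert counts, the list an administrator would act on.
    """
    window = [parse_fast_alert(ln) for ln in lines]
    base = [parse_fast_alert(ln) for ln in baseline_lines]
    d = renyi_divergence(entropy_vector(window), entropy_vector(base), alpha)
    report = {"divergence": d, "attack": d > threshold}
    if report["attack"]:
        report["top"] = {k: Counter(a[k] for a in window).most_common(3) for k in ATTRS}
    return report


def fast_line(i: int, src: str, sport: int, dst: str, dport: int) -> str:
    """Build a constructed alert_fast line (sample data, not a real capture)."""
    return (f"01/23-10:15:{i:02d}.000000  [**] [1:2000001:1] CONSTRUCTED sample alert [**] "
            f"[Classification: Attempted Information Leak] [Priority: 2] "
            f"{{TCP}} {src}:{sport} -> {dst}:{dport}")


# Constructed windows of eight alerts each. Baseline and normal: four clients talking to
# two servers on ports 80/443. Scan: one client probing one server on eight ports.
BASELINE_LINES = [fast_line(i, f"10.0.0.{i % 4 + 1}", 40000 + i,
                            "192.168.1.10" if i % 2 == 0 else "192.168.1.20",
                            80 if i < 4 else 443) for i in range(8)]
NORMAL_LINES = [fast_line(i, f"10.0.0.{i % 4 + 1}", 41000 + i,
                          "192.168.1.10" if i % 2 == 0 else "192.168.1.20",
                          80 if i < 4 else 443) for i in range(8)]
SCAN_LINES = [fast_line(i, "10.0.0.99", 50000 + i, "192.168.1.10", 20 + i) for i in range(8)]

if __name__ == "__main__":
    for name, lines in (("normal", NORMAL_LINES), ("scan", SCAN_LINES)):
        r = analyse(lines, BASELINE_LINES)
        print(f"{name}: D={r['divergence']:.3f} {'ATTACK' if r['attack'] else 'ok'}")
        for attr, top in r.get("top", {}).items():
            print(f"  {attr}: {top}")
```

The baseline window yields the entropy vector (2, 3, 1, 1) bits; the constructed scan window collapses source and destination IP entropy to zero while destination port entropy rises to 3 bits, and the order-2 Renyi divergence against the baseline comes out at about 1.22 bits, well over the threshold, whereas the second normal window with the same traffic shape diverges by zero. The divergence only says that the window is anomalous; the per-attribute counts attached to the report are what turn that into the block/unblock list the abstract describes.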


Metadata
Title
Entropy-Based Anomaly Detection in a Network
Written by
Ajay Shankar Shukla
Rohit Maurya
Publication date
24.01.2018
Publisher
Springer US
Published in
Wireless Personal Communications / Issue 4/2018
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI
https://doi.org/10.1007/s11277-018-5288-2
