On the Use of Compression Algorithms for Network Anomaly Detection

CALLEGARI, CHRISTIAN; GIORDANO, STEFANO; PAGANO, MICHELE
2009-01-01

Abstract

In the last few years, the number and impact of security attacks over the Internet have been continuously increasing. Since it seems impossible to guarantee complete protection to a system by means of the "classical" prevention mechanisms, the use of Intrusion Detection Systems has emerged as a key element in network security. In this paper we address the problem by considering some techniques for detecting network anomalies. Our approach is based on the use of different compression algorithms for detecting anomalies in the network traffic running over TCP. In more detail, we take into account the use of three different compression algorithms, based on distinct approaches, namely: Huffman coding, Dynamic Markov Coding, and the Lempel-Ziv-Welch algorithm. The proposed methods are based on the consideration that the entropy represents a lower bound to the compression rate that we can obtain, and that the more redundant the data are, the better we can compress them. The performance analysis presented in this paper demonstrates the effectiveness of the proposed methods.
2009
9781424434350

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11568/197792