Entropy-based network anomaly Detection

Callegari, Christian; Giordano, Stefano; Pagano, Michele
2017-01-01

Abstract

Anomaly-based Intrusion Detection is a key research topic in network security due to its ability to face unknown attacks and new security threats. In this paper we propose a novel intrusion detection system that performs anomaly detection by studying the variation in the entropy associated with the network traffic. To this aim, the traffic is first aggregated by means of random data structures (namely three-dimension reversible sketches) and then the entropy of different traffic descriptors is computed by using several definitions of entropy. The experimental results obtained over the MAWILab dataset validate the system and demonstrate the effectiveness of our proposal.
2017
9781509045884
Use this identifier to cite or link to this document: https://hdl.handle.net/11568/880696
Citations
  • Scopus 26