A novel bivariate entropy-based network anomaly detection system
Callegari, Christian; Pagano, Michele
2017-01-01
Abstract
Detecting anomalous traffic with a low false alarm rate is a primary concern in IP network management. The complexity of recent network attacks, as well as the literature on the subject, suggests that observing a single traffic descriptor may not be enough to detect the wide range of attacks present in today's Internet. For this reason, in this paper we investigate a novel anomaly detection system that detects traffic anomalies by estimating the joint entropy of different traffic descriptors. The presented system is evaluated over the MawiLab traffic traces, a well-known data set of real traffic captured on a backbone network.