A novel bivariate entropy-based network anomaly detection system

Callegari, Christian;Pagano, Michele
2017-01-01

Abstract

Detecting anomalous traffic with a low false alarm rate is of primary interest in IP network management. The complexity of recent network attacks, as well as the literature, suggests that observing a single traffic descriptor may not be enough to detect the wide range of network attacks present in today's Internet. For this reason, in this paper we investigate a novel anomaly detection system that detects traffic anomalies by estimating the joint entropy of different traffic descriptors. The presented system is evaluated over the MAWILab traffic traces, a well-known dataset of real traffic captured on a backbone network.
Files for this item:
No files are associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11568/892209
Citations
  • PubMed Central: not available
  • Scopus: 1
  • Web of Science: not available