CUSUM-based and entropy-based network anomaly detection: An experimental comparison
Callegari, Christian;Pagano, Michele;Giordano, Stefano;Berizzi, Fabrizio
2017-01-01
Abstract
The impressive growth of the Internet and the ever increasing number of sensitive services, together with the unawareness of a significant number of end-users of the risks deriving from sharing information on the net, pose serious security concerns. In such a scenario, network anomaly detection, thanks to its ability to face unknown attacks and new security threats, has attracted many research efforts in the last decade and, as a consequence, many different methods and approaches have been proposed. In this paper we present an extensive performance comparison between two of the most promising anomaly detection methods (namely CUSUM-based and entropy-based) when applied to real backbone network traffic traces. The experimental results demonstrate that the effectiveness of the considered methods is strongly influenced by the traffic descriptors on which they are computed.
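The page carries only the abstract, so the example below is an added illustration of the point it makes, not the authors' code, traces, descriptors or parameters. It runs one standardized two-sided CUSUM over two descriptors of the same constructed sequence of flow bins: the per-bin packet count and the Shannon entropy of the packet-weighted destination-address distribution. The constructed anomaly keeps the bin volume unchanged while concentrating almost all packets on a single destination, so the count-based CUSUM never fires while the entropy-based one alarms on every attack bin. The sample flow records, the 10-bin training window, and the allowance k = 0.5 and threshold h = 5 (in standard-deviation units) are all assumptions made here.

```python
"""CUSUM change detection on two traffic descriptors of the same flow bins.

Added illustration: not the paper's code, traces or parameters. It shows why the
choice of descriptor matters: a volume-preserving concentration attack is
invisible to a packet-count CUSUM but obvious to a CUSUM run on the entropy of
the destination-address distribution.
"""
import math
from statistics import mean, pstdev


def normal_bin(i):
    """Constructed 'benign' bin i: roughly 100 packets to each of ten servers,
    with a deterministic jitter so the baseline has non-zero variance."""
    return [(f"10.0.0.{j}", 90 + (7 * i + 3 * j) % 21) for j in range(1, 11)]


# Constructed attack bin: the same ~1000-packet volume, but 95.5% of it hits
# one server (e.g. a targeted flood that does not raise the aggregate rate).
ATTACK_BIN = [("10.0.0.1", 955)] + [(f"10.0.0.{j}", 5) for j in range(2, 11)]

# Twenty time bins of (dst_ip, packets) flow records; bins 14-16 carry the attack.
BINS = ([normal_bin(i) for i in range(14)]
        + [ATTACK_BIN] * 3
        + [normal_bin(i) for i in range(17, 20)])


def packet_count(flows):
    """Descriptor 1: total packets observed in the bin."""
    return sum(p for _, p in flows)


def dst_entropy(flows):
    """Descriptor 2: Shannon entropy (bits) of the packet-weighted
    destination-IP distribution within the bin."""
    total = sum(p for _, p in flows)
    return -sum((p / total) * math.log2(p / total) for _, p in flows if p)


def cusum_alarms(series, train=10, k=0.5, h=5.0):
    """Two-sided CUSUM on a standardized series.

    The first `train` samples are assumed attack-free and give the baseline
    mean and standard deviation. k is the allowance and h the decision
    threshold, both in standard-deviation units (assumed values, not tuned on
    any real trace). Returns the indices of the bins that raised an alarm; the
    statistic is reset after each alarm, so a persistent anomaly alarms bin by
    bin instead of once.
    """
    mu, sd = mean(series[:train]), pstdev(series[:train])
    if sd == 0:
        raise ValueError("training window has zero variance; cannot standardize")
    s_hi = s_lo = 0.0
    alarms = []
    for t, x in enumerate(series):
        z = (x - mu) / sd
        s_hi = max(0.0, s_hi + z - k)  # accumulates evidence of an upward shift
        s_lo = max(0.0, s_lo - z - k)  # accumulates evidence of a downward shift
        if s_hi > h or s_lo > h:
            alarms.append(t)
            s_hi = s_lo = 0.0
    return alarms


def detect(bins=BINS):
    """Run the same CUSUM over both descriptors; returns {descriptor: alarm bins}."""
    return {
        "packet_count": cusum_alarms([packet_count(b) for b in bins]),
        "dst_entropy": cusum_alarms([dst_entropy(b) for b in bins]),
    }


if __name__ == "__main__":
    for name, alarms in detect().items():
        print(f"{name:13s} alarms at bins {alarms}")
```

With these inputs the packet-count CUSUM raises no alarm, because the attack bins sit inside the benign volume range, while the entropy CUSUM alarms at bins 14, 15 and 16, where the destination entropy collapses from about 3.32 bits to about 0.41 bits. Replacing the concentration attack with a volumetric flood spread over the same ten servers would invert the outcome, which is exactly why the descriptor choice, not only the detector, decides what gets caught.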