Anomaly Detection Method Using Entropy of Network Traffic Distributions 


Vol. 13, No. 3, pp. 283-294, Jun. 2006
10.3745/KIPSTC.2006.13.3.283


Abstract

Hostile network traffic often differs from normal traffic in ways that can be distinguished without knowing the exact nature of the attack. In this paper, we propose a new anomaly detection method based on inbound network traffic distributions. We first characterize the traffic of a real campus network by the distributions of IP protocols, packet lengths, destination IP addresses and ports, TTL values, TCP SYN packets, and fragmented packets. We then use entropy to reduce each baseline traffic distribution to a single manageable value. Anomalies are detected from the difference between the entropy of the current distribution and that of the baseline distribution. Finally, we launch well-known denial-of-service attacks against a real campus network and report the experimental results.
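The detection loop the abstract describes, written out as an added example (this is not the authors' code and does not reproduce their experiments). It assumes base-2 Shannon entropy as the summary statistic, a fixed per-feature threshold on the absolute entropy difference, and a constructed synthetic traffic mix standing in for the campus baseline; the feature names, the `syn_flood` generator, and the threshold value are all illustrative choices, not values from the paper.

```python
"""Entropy-based anomaly detection over per-feature traffic distributions.

Added example, not the paper's implementation. Assumptions: base-2 Shannon
entropy, a fixed |delta H| threshold per feature, and constructed packet
records instead of a real capture.
"""
from collections import Counter
from math import log2

# Per-packet features tracked as distributions (illustrative subset of the
# paper's feature list: protocol, length, destination IP/port, TTL, SYN flag).
FEATURES = ("proto", "length", "dst_ip", "dst_port", "ttl", "syn")


def distribution(packets, feature):
    """Empirical probability distribution of one feature over a packet window."""
    counts = Counter(p[feature] for p in packets)
    total = sum(counts.values())
    return {value: n / total for value, n in counts.items()}


def entropy(dist):
    """Base-2 Shannon entropy H = -sum p log2 p (zero-probability terms skipped)."""
    return -sum(p * log2(p) for p in dist.values() if p > 0)


def detect_anomalies(baseline, current, threshold=1.0):
    """Return {feature: (H_baseline, H_current, flagged)}; flagged when |dH| > threshold.

    The threshold of 1.0 bit is an assumption chosen for this synthetic data;
    in practice it would be tuned per feature from the baseline's variance.
    """
    report = {}
    for f in FEATURES:
        h_base = entropy(distribution(baseline, f))
        h_cur = entropy(distribution(current, f))
        report[f] = (round(h_base, 3), round(h_cur, 3), abs(h_cur - h_base) > threshold)
    return report


def synthetic_background(n, start=0):
    """Constructed benign inbound traffic with fixed mixing ratios (not capture data)."""
    packets = []
    for i in range(start, start + n):
        packets.append({
            "proto": "tcp" if i % 10 < 7 else ("udp" if i % 10 < 9 else "icmp"),
            "length": (60, 120, 576, 1500)[i % 4],
            "dst_ip": f"10.0.0.{i % 20 + 1}",          # 20 internal hosts, evenly hit
            "dst_port": (80, 443, 22, 53, 25, 110, 143, 8080)[i % 8],
            "ttl": (64, 128, 255)[i % 3],
            "syn": 1 if i % 10 == 0 else 0,             # ~10% of packets open a connection
        })
    return packets


def syn_flood(n, target="10.0.0.5", port=80):
    """Constructed SYN flood: many minimal SYN segments aimed at one host and port."""
    return [{"proto": "tcp", "length": 40, "dst_ip": target, "dst_port": port,
             "ttl": 64, "syn": 1} for _ in range(n)]


if __name__ == "__main__":
    baseline = synthetic_background(400)
    # Attack window: a little background traffic drowned by a flood at one target.
    attack = synthetic_background(100, start=400) + syn_flood(900)
    for f, (h_base, h_cur, flagged) in detect_anomalies(baseline, attack).items():
        print(f"{f:9s} baseline={h_base:5.2f} current={h_cur:5.2f} {'ANOMALY' if flagged else 'ok'}")
```

In the flood window the destination IP and port distributions collapse onto one value, so their entropies fall by several bits and are flagged, while a clean window drawn from the same mix stays within the threshold. One caveat the example makes visible: the SYN flag is a binary feature, and binary entropy is symmetric in p, so a window that goes from 10% SYN to 90% SYN barely moves that entropy. For a feature like this the raw SYN rate, not its entropy, is the useful signal; entropy is most informative on features with many possible values.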



Cite this article

[IEEE Style]

K. H. Kang, J. T. Oh, J. S. Jang, "Anomaly Detection Method Using Entropy of Network Traffic Distributions," The KIPS Transactions:PartC, vol. 13, no. 3, pp. 283-294, 2006. DOI: 10.3745/KIPSTC.2006.13.3.283.

[ACM Style]

Koo Hong Kang, Jin Tae Oh, and Jong Soo Jang. 2006. Anomaly Detection Method Using Entropy of Network Traffic Distributions. The KIPS Transactions:PartC, 13, 3, (2006), 283-294. DOI: 10.3745/KIPSTC.2006.13.3.283.