Abstract
Entropy-based anomaly detection has recently been studied extensively as a way to overcome the weaknesses of traditional volume-based and rule-based approaches to network flow analysis. Of the many entropy measures available, only Shannon and Titchener entropy and the parameterized Rényi and Tsallis entropies have been applied to network anomaly detection. In this paper we present a method based on parameterized entropy and supervised learning. With it we are able to detect a broad spectrum of anomalies with a low false positive rate, and in addition we provide information revealing the anomaly type. The experimental results suggest that our method performs better than Shannon-based and volume-based approaches.
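The abstract refers to parameterized (Rényi and Tsallis) entropy computed over the distributions of flow features. The following is an added example, not the paper's own code: it computes Shannon, Rényi and Tsallis entropy of the source-IP, destination-IP and destination-port distributions of a window of flow records, and shows how the per-field entropy shifts between a constructed baseline window and a constructed window containing a port scan. The flow records, the field names, the choice of alpha values and the 0.5-bit flagging threshold are all assumptions made for illustration; the paper's actual feature set and its supervised classifier are not reproduced here.

```python
"""Parameterized entropy over flow-feature distributions.

Added example (not the paper's code). Flow records are constructed by hand,
and the delta/threshold check is a generic illustration, not the paper's
supervised classifier.
"""
import math
from collections import Counter, namedtuple

Flow = namedtuple("Flow", "src_ip dst_ip dst_port")
FIELDS = ("src_ip", "dst_ip", "dst_port")


def distribution(values):
    """Empirical probability mass of each distinct value; order is irrelevant."""
    counts = Counter(values)
    total = sum(counts.values())
    return [c / total for c in counts.values()]


def shannon(p):
    """Shannon entropy in bits (the alpha -> 1 limit of Renyi entropy)."""
    return -sum(x * math.log2(x) for x in p if x > 0)


def renyi(p, alpha):
    """Renyi entropy H_alpha = log2(sum_i p_i^alpha) / (1 - alpha), in bits.

    alpha < 1 weights rare symbols more (mass spread thinly, as in scans);
    alpha > 1 weights dominant symbols more (mass concentrated, as in DDoS).
    A uniform distribution over N symbols gives log2(N) for every alpha.
    """
    if alpha < 0:
        raise ValueError("alpha must be non-negative")
    if alpha == 1:
        return shannon(p)
    return math.log2(sum(x ** alpha for x in p if x > 0)) / (1 - alpha)


def tsallis(p, q):
    """Tsallis entropy S_q = (1 - sum_i p_i^q) / (q - 1); q -> 1 gives Shannon in nats."""
    if q == 1:
        return -sum(x * math.log(x) for x in p if x > 0)
    return (1 - sum(x ** q for x in p if x > 0)) / (q - 1)


def entropy_vector(flows, alpha):
    """Renyi entropy (at one alpha) of each flow field in one time window."""
    return {f: renyi(distribution(getattr(fl, f) for fl in flows), alpha) for f in FIELDS}


def entropy_deltas(baseline, window, alpha):
    """Signed change of each field's entropy versus the baseline window.

    The sign pattern is the raw material for typing an anomaly: a scan from
    one host pushes dst_port entropy up while pulling src_ip entropy down.
    """
    base, cur = entropy_vector(baseline, alpha), entropy_vector(window, alpha)
    return {f: cur[f] - base[f] for f in FIELDS}


def flag(deltas, threshold_bits=0.5):
    """Fields whose entropy moved by more than the threshold (assumed value)."""
    return {f for f, d in deltas.items() if abs(d) > threshold_bits}


# Constructed baseline window: four clients, mostly HTTPS to one server.
CLIENTS = ["10.1.0.11", "10.1.0.12", "10.1.0.13", "10.1.0.14"]
BASELINE = [Flow(c, "10.0.0.5", 443) for c in CLIENTS] + [
    Flow("10.1.0.11", "10.0.0.6", 22),
    Flow("10.1.0.12", "10.0.0.7", 25),
    Flow("10.1.0.13", "10.0.0.5", 80),
    Flow("10.1.0.14", "10.0.0.8", 8080),
]

# Constructed scan window: same background plus one host probing 24 ports.
SCAN = BASELINE + [Flow("192.0.2.99", "10.0.0.5", port) for port in range(1000, 1024)]

if __name__ == "__main__":
    for alpha in (0.5, 1, 2):
        d = entropy_deltas(BASELINE, SCAN, alpha)
        print(f"alpha={alpha}: " + ", ".join(f"{f}={v:+.2f} bits" for f, v in d.items()),
              "flagged:", sorted(flag(d)))
```

Running the script prints the per-field entropy change for alpha = 0.5, 1 (Shannon) and 2. In the scan window the destination-port entropy rises by roughly three bits while the source-IP entropy falls, and the fall is larger at alpha = 2 than at alpha = 0.5, which is the kind of alpha-dependent contrast that a Shannon-only detector cannot expose and that a supervised classifier can consume as features.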
© 2014 IFIP International Federation for Information Processing
Cite this paper
Bereziński, P., Szpyrka, M., Jasiul, B., Mazur, M. (2014). Network Anomaly Detection Using Parameterized Entropy. In: Saeed, K., Snášel, V. (eds) Computer Information Systems and Industrial Management. CISIM 2015. Lecture Notes in Computer Science, vol 8838. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45237-0_43
DOI: https://doi.org/10.1007/978-3-662-45237-0_43
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-45236-3
Online ISBN: 978-3-662-45237-0