DocumentCode :
1633480
Title :
Multi-scale Entropy Based Traffic Analysis and Anomaly Detection
Author :
Ruo-Yu, Yan ; Qing-Hua, Zheng
Author_Institution :
Dept. of Comput. Sci. & Technol., Xi'an Jiaotong Univ., Xi'an
Volume :
2
fYear :
2008
Firstpage :
151
Lastpage :
157
Abstract :
The idea of using entropy measurement to detect anomalies or analyze traffic characteristics has been floating around the research community for some time. But all these entropy-based approaches are single-scale based "complexity" methods and fail to account for the multiple time scales inherent in time series. To address this, we introduce a Renyi entropy based method: multi-scale entropy (MSE). In this paper, a kind of port-to-port traffic in a router is presented, which we call IF-flow. IF-flows can amplify the ratio of attack traffic to normal traffic. We apply MSE to the analysis of IF-flow time series across time scales, and find some interesting results. One of the results supports a general view that the flow count metric has a more powerful ability to detect many types of anomalies than the byte and packet count metrics. We also use MSE to detect anomalies existing in IF-flow time series. The experimental results indicate that MSE can detect anomalies accurately.
Keywords :
entropy; telecommunication network routing; telecommunication security; telecommunication traffic; time series; IF-flow time series; Renyi entropy based method; anomaly detection; multiscale entropy; port-to-port traffic; single-scale based complexity method; traffic analysis; Application software; Computer crime; Computer science; Entropy; Information analysis; Intelligent systems; Switches; System analysis and design; Telecommunication traffic; Traffic control; Multi-scale entropy; Renyi entropy; anomaly detection; traffic analysis;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Intelligent Systems Design and Applications, 2008. ISDA '08. Eighth International Conference on
Conference_Location :
Kaohsiung
Print_ISBN :
978-0-7695-3382-7
Type :
conf
DOI :
10.1109/ISDA.2008.167
Filename :
4696323