DocumentCode
1928434
Title
Application of Kolmogorov complexity in anomaly detection
Author
Ukil, Arijit
Author_Institution
Tata Consultancy Services, Innovation Labs., Kolkata, India
fYear
2010
fDate
Oct. 31 2010-Nov. 3 2010
Firstpage
141
Lastpage
146
Abstract
Kolmogorov complexity is the basis of algorithmic randomness theory. It quantifies the amount of information in an individual object, measured by the size of its smallest algorithmic description. The concept of Kolmogorov complexity is used in many applications, such as spam filtering, data compression and information assurance. In this paper, we present the application of Kolmogorov complexity in the network security field, particularly for anomaly detection. To accomplish that, it is assumed that most network attacks change the structure of the traffic. This induces an anomaly, and hence a subsequent intrusion can be detected if the structure or signature of the traffic flow is investigated. From this notion, we propose a signature-based anomaly detection scheme. We show through simulation results that, with the help of Kolmogorov complexity, we can detect traffic pattern abnormality in a simplistic way. This detection and quantification of the traffic pattern eventually leads to anomaly detection.
Keywords
communication complexity; security of data; telecommunication security; telecommunication traffic; Kolmogorov complexity; algorithmic randomness theory; anomaly detection; network attacks; network security; traffic flow; traffic pattern abnormality; Analytical models; Complexity theory; Computers; Detectors; Indexes; Measurement; Simulation; IDS; anomaly detection; intrusion detection; kolmogorov complexity;
fLanguage
English
Publisher
IEEE
Conference_Titel
Communications (APCC), 2010 16th Asia-Pacific Conference on
Conference_Location
Auckland
Print_ISBN
978-1-4244-8128-6
Electronic_ISBN
978-1-4244-8127-9
Type
conf
DOI
10.1109/APCC.2010.5679753
Filename
5679753