DocumentCode :
2633193
Title :
Entropy Based Analysis of Anomaly Access of IP Packets
Author :
Honda, Shuichi ; Nakashima, Takuo ; Oshima, Shunsuke
Author_Institution :
Kyushu Tokai Univ. 9-1-1 Toroku, Kumamoto
fYear :
2008
fDate :
18-20 June 2008
Firstpage :
101
Lastpage :
101
Abstract :
To defend against DoS (denial of service) attacks, an access filtering mechanism is adopted on the end servers or the IDS (intrusion detection system). The difficulty in defining the filtering rules lies in distinguishing normal and anomaly packets among incoming packets. The purpose of our research is to explore an early detection method for anomaly accesses based on statistical analysis. In this paper, we first define the entropy-based analysis, then analyze the amount of incoming packets to our college. As a result, we were able to extract the following features for the entropy analysis. Firstly, entropy-based analysis detects distributed small amounts of 80/TCP anomaly accesses compared to the frequency-based analysis. Secondly, a one-hour window size is most sensitive for finding the 80/TCP anomaly accesses. Finally, after applying the filter of noisy accesses of ICMP anomaly packets to the total amount of data sets, entropy-based analysis detects small amounts of ICMP anomaly accesses.
Keywords :
IP networks; entropy; filtering theory; security of data; statistical analysis; transport protocols; IP packets; denial of service attacks; entropy based analysis; filtering mechanism; frequency-based analysis; intrusion detection system; statistic analysis; Computer crime; Data analysis; Entropy; Feature extraction; Filtering; Filters; Frequency; Intrusion detection; Statistical analysis; Statistical distributions;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Innovative Computing Information and Control, 2008. ICICIC '08. 3rd International Conference on
Conference_Location :
Dalian, Liaoning
Print_ISBN :
978-0-7695-3161-8
Electronic_ISBN :
978-0-7695-3161-8
Type :
conf
DOI :
10.1109/ICICIC.2008.645
Filename :
4603290