DocumentCode :
2681172
Title :
Extraction of Characteristics of Anomaly Accessed IP Packets by the Entropy-Based Analysis
Author :
Nakashima, Takuo ; Oshima, Shunsuke ; Nishikido, Yusuke ; Sueyoshi, Toshinori
Author_Institution :
Kyushu Tokai Univ., Kumamoto
fYear :
2008
fDate :
4-7 March 2008
Firstpage :
141
Lastpage :
147
Abstract :
To defend against DoS (denial of service) attacks, an access filtering mechanism is adopted on the end servers or the IDS (intrusion detection system). The difficulty of defining the filtering rules comes from the difficulty of distinguishing normal and anomaly packets among the incoming packets. The purpose of our research is to explore an early detection method for anomaly accesses based on statistical analysis. In this paper, we first define the entropy-based analysis, then analyze the amount of incoming packets to our college. As a result, we were able to extract the following features for the entropy analysis. First, fluctuations for first-octet aggregation lead to a pattern similar to that of first- and second-octet aggregation. Second, a sliding time of 10 minutes for the entropy window was sensitive in detecting anomaly accesses. Finally, differential entropy detected the small amount of 80/TCP anomaly accesses, while this was hard to find by frequency analysis.
Keywords :
entropy; security of data; statistical analysis; anomaly accessed IP packets; denial of service; entropy; intrusion detection system; statistic analysis; Competitive intelligence; Computer crime; Educational institutions; Entropy; Filtering; Intrusion detection; Network servers; Software systems; Statistical analysis; Web server; Anomaly access; DoS attacks; Entropy; Statistics;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Complex, Intelligent and Software Intensive Systems, 2008. CISIS 2008. International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3109-0
Type :
conf
DOI :
10.1109/CISIS.2008.60
Filename :
4606674