Title :
Network Anomaly Detection Using Random Forests and Entropy of Traffic Features
Author :
Dong Yao ; Meijuan Yin ; Junyong Luo ; Silong Zhang
Abstract :
Tracking changes in traffic feature distributions and using them to classify traffic with different behavior is very important in the domain of network anomaly detection. Shannon entropy can be used to find changes in the normal distribution of network traffic and so identify anomalies. Standardized entropy provides a measure of uniformity and randomness on the same baseline for vectors or variables in different sample spaces. Random Forests is a machine learning classification algorithm. It is best suited for the analysis of complex or distribution-imbalanced data structures embedded in small to moderate data sets. Anomalous traffic always occupies a small proportion of the whole network traffic, so we employed a combination of entropy measures and Random Forests classification to detect anomalies in network traffic. Our results demonstrate that the new technique shows great promise in traffic anomaly detection.
Keywords :
computer network security; entropy; learning (artificial intelligence); normal distribution; pattern classification; set theory; telecommunication traffic; vectors; Shannon entropy; anomaly identification; distribution-imbalanced data structures analysis; machine learning classification algorithm; network anomaly detection; normal distribution; random forest classification; randomicity measure; standardized entropy; traffic classification; traffic feature distribution; traffic feature entropy; uniformity measure; Classification algorithms; Entropy; Telecommunication traffic; Training; Vectors; Vegetation; Random Forests; anomaly detection; entropy;
Conference_Title :
Multimedia Information Networking and Security (MINES), 2012 Fourth International Conference on
Conference_Location :
Nanjing
Print_ISBN :
978-1-4673-3093-0
DOI :
10.1109/MINES.2012.146