Title :
Effect of nonstationarity of network traffic in entropy-based intrusion detection (case study)
Author :
Basicevic, Ilija ; Kostovic, Zarko ; Popovic, M. ; Ocovaj, Stanislav
Author_Institution :
Fac. of Tech. Sci., Univ. of Novi Sad, Novi Sad, Serbia
Abstract :
Anomaly-based network intrusion detection that uses entropy has been researched for quite some time. In this paper, we present results of application of an entropy-based anomaly detector, implemented as an extension of snort intrusion detection system. The detector has been realized as a platform for case study on applicability of entropy-based techniques in network intrusion detection. The paper presents results of the detector´s application to two available network traces. The analysis of results shows that nonstationarity is an important property of network traffic which has to be taken into account in entropy based intrusion detection.
Keywords :
Internet; computer network security; entropy; telecommunication traffic; Internet traffic; anomaly-based network intrusion detection; denial-of-service attacks; entropy- based anomaly detector; entropy-based intrusion detection; intrusion prevention systems; network traces; network traffic nonstationarity effect; snort intrusion detection system; Computer crime; Computers; Educational institutions; Entropy; IP networks; Intrusion detection; Ports (Computers); Internet traffic; denial-of-service attacks; entropy-based anomaly detection; intrusion detection systems; snort;
Conference_Titel :
Telecommunications Forum (TELFOR), 2013 21st
Conference_Location :
Belgrade
Print_ISBN :
978-1-4799-1419-7
DOI :
10.1109/TELFOR.2013.6716188
