DocumentCode :
3192190
Title :
An approach on detecting network attack based on entropy
Author :
Wang, Zhiwen ; Xia, Qin
Author_Institution :
Dept. of Comput. Sci. & Technol., Xi'an Jiaotong Univ., Xi'an, China
fYear :
2011
fDate :
20-23 March 2011
Firstpage :
210
Lastpage :
214
Abstract :
A typical Intrusion Detection System (IDS) produces a large number of alerts with a high false-alarm rate. Identifying network attacks effectively from this huge volume of alerts is becoming a challenging task for security administrators, and it gets worse as the scale of the network monitored by the IDS grows. In this paper we propose an approach to detecting network attacks from millions of alerts based on entropy. Shannon entropy is first used to analyze the distribution characteristics of alerts over five key attributes: source IP address, destination IP address, source threat, destination threat and datagram length. Then the Renyi cross entropy is employed to fuse the Shannon entropy vector and detect anomalies. The IDS used in our experiment is Snort, and the experimental results on actual network data show that our approach can detect network attacks quickly and accurately.
Keywords :
IP networks; computer network security; entropy; Renyi cross entropy; Shannon entropy vector; Snort; alert distribution characteristics; anomaly detection; datagram length; destination IP address; destination threat; intrusion detection system; network attack detection; network monitoring; security administration; source IP address; source threat; Entropy; IP networks; Intrusion detection; Monitoring; Training; Training data; IDS; network security; Renyi entropy; Shannon entropy;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Cyber Technology in Automation, Control, and Intelligent Systems (CYBER), 2011 IEEE International Conference on
Conference_Location :
Kunming
Print_ISBN :
978-1-61284-910-2
Type :
conf
DOI :
10.1109/CYBER.2011.6011795
Filename :
6011795