• DocumentCode
    3367350
  • Title

    On-line anomaly detection based on relative entropy

  • Author

    Altaher, Altyeb ; Ramadass, Sureswaran ; Thuraisingham, Bhavani ; Mehedy, Mohammad

  • Author_Institution
    Nat. Adv. IPv6 Center of Excellence, Univ. Sains Malaysia, Minden, Malaysia
  • fYear
    2011
  • fDate
    28-30 Oct. 2011
  • Firstpage
    33
  • Lastpage
    36
  • Abstract
    Because the internet and computer networks are exposed to a rapidly increasing number of serious security threats, efficient and effective anomaly detection techniques have become a necessity to secure the internet and computer networks. Traditional signature-based anomaly detection techniques failed to detect polymorphic and new security threats. In this paper, we propose an online worm detection system based on relative entropy. The system effectively profiles network traffic features and then uses relative entropy to dynamically determine the traffic changes. It then applies an adaptive filter to differentiate the traffic changes and determines whether the traffic is normal or contains worms. Our experimental results show that the proposed system is efficient for on-line anomaly detection, using traffic trace collected in high-speed links.
  • Keywords
    Internet; computer network security; entropy; invasive software; Internet; adaptive filter; computer networks; network traffic; online anomaly detection; online worm detection system; relative entropy; security threats; Entropy; Graphical user interfaces; Grippers; IP networks; Internet; Presses; Telecommunication traffic; Network anomaly detection; Network entropy; relative network entropy;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Broadband Network and Multimedia Technology (IC-BNMT), 2011 4th IEEE International Conference on
  • Conference_Location
    Shenzhen
  • Print_ISBN
    978-1-61284-158-8
  • Type

    conf

  • DOI
    10.1109/ICBNMT.2011.6155890
  • Filename
    6155890