Title :
On-line anomaly detection based on relative entropy
Author :
Altaher, Altyeb ; Ramadass, Sureswaran ; Thuraisingham, Bhavani ; Mehedy, Mohammad
Author_Institution :
Nat. Adv. IPv6 Center of Excellence, Univ. Sains Malaysia, Minden, Malaysia
Abstract :
Because the internet and computer networks are exposed to a rapidly increasing number of serious security threats, efficient and effective anomaly detection techniques have become a necessity to secure the internet and computer networks. Traditional signature-based anomaly detection techniques failed to detect polymorphic and new security threats. In this paper, we propose an online worm detection system based on relative entropy. The system effectively profiles network traffic features and then uses relative entropy to dynamically determine the traffic changes. It then applies an adaptive filter to differentiate the traffic changes and determines whether the traffic is normal or contains worms. Our experimental results show that the proposed system is efficient for on-line anomaly detection, using a traffic trace collected in high-speed links.
Keywords :
Internet; computer network security; entropy; invasive software; Internet; adaptive filter; computer networks; network traffic; online anomaly detection; online worm detection system; relative entropy; security threats; Entropy; Graphical user interfaces; Grippers; IP networks; Internet; Presses; Telecommunication traffic; Network anomaly detection; Network entropy; relative network entropy;
Conference_Title :
Broadband Network and Multimedia Technology (IC-BNMT), 2011 4th IEEE International Conference on
Conference_Location :
Shenzhen
Print_ISBN :
978-1-61284-158-8
DOI :
10.1109/ICBNMT.2011.6155890