• DocumentCode
    2856211
  • Title

    Detecting security anomalies from internet traffic using the MA-RMSE algorithms

  • Author

    Pinto, Breno ; Khera, Varin ; Fung, Chun Che

  • Author_Institution
    Comput. Security Incident Response Team, BrasilTelecom, Brasilia, Brazil
  • fYear
    2009
  • fDate
    23-26 June 2009
  • Firstpage
    887
  • Lastpage
    891
  • Abstract
    Many detection techniques against worms, denial of service attacks and botnets on the Internet have been developed. It is difficult to detect these threats if the malicious traffic has insufficient intensity, which is usually the case. To make the problem worse, legitimate Internet services behaving like worms and complex network environments undermine the efficiency of the detection techniques. This paper proposes an entropy-based Internet threat detection approach that determines and reports the traffic complexity parameters when changes in the traffic complexity content may indicate a malicious network event. Based on the experiment, the proposed method is efficient and produces fewer false positive and false negative alarms with a faster detection time.
  • Keywords
    Internet; entropy; security of data; telecommunication traffic; Internet traffic; MA-RMSE algorithm; denial of service attack; entropy-based Internet threats detection approach; malicious network event; measure of anomaly; representative measure of string entropy; security anomaly detection; Australia; Computer crime; Computer security; Computer worms; Detection algorithms; Entropy; Information security; Information technology; Telecommunication traffic; Web and internet services;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Industrial Informatics, 2009. INDIN 2009. 7th IEEE International Conference on
  • Conference_Location
    Cardiff, Wales
  • ISSN
    1935-4576
  • Print_ISBN
    978-1-4244-3759-7
  • Electronic_ISBN
    1935-4576
  • Type

    conf

  • DOI
    10.1109/INDIN.2009.5195920
  • Filename
    5195920