An Entropy-based Method on Network Attack Detection
Intrusion Detection Systems (IDS) typically generate large volumes of alerts with a high false-positive rate. Identifying a network attack among this huge volume of alerts is a frustrating task for security officers, and the situation gets worse when a large-scale network is monitored by an IDS. In this paper we propose an entropy-based method to detect network attacks from millions of alerts. First, Shannon entropy is used to analyze the distribution characteristics of the alert source IP address, destination IP address, source threat, destination threat and datagram length. Then, Renyi cross entropy is employed to fuse the Shannon entropy vector and detect anomalies. The IDS used in our experiment is Snort, and the experimental results based on actual network data show that our approach can detect network attacks quickly and accurately.
network security; IDS; Shannon entropy; Renyi entropy
Zhiwen Wang, Ke Lu, Ting Liu
MOE Key Lab for Intelligent Networks and Network Security, State Key Lab for Manufacturing Systems, School of Electronic and Information Engineering, Xi'an Jiaotong University, Xi'an, P.R. China
International conference
Taiyuan
English
485-489
2011-02-26 (date first posted on the Wanfang platform; not the paper's publication date)