Detecting Anomalies Using Entropy of ICMP Packet
In the past several decades, many anomaly detection methods for the Internet have been proposed. However, nearly all of the prior studies come at the cost of a great deal of statistical work because they focus on the whole Internet traffic. We attempt to develop a more effective anomaly detection method based on the entropy of ICMP. Two different types of data sets, ICMPv4 data as well as ICMPv6 data, are investigated, and our central results are the following. Firstly, the entropy of ICMP is relatively stable: the entropy of IP packet protocols, the entropy of ICMP message types and the entropy of IP addresses all fluctuate slightly around their own mean values. Therefore, abnormality in Internet traffic can be detected by identifying abrupt changes in the entropy of ICMP. Secondly, for normal ICMP traffic, the arrival process of packets exhibits stability, and the number of ICMP packets per time unit holds one relatively stable value.
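The detection logic the abstract describes, that is, the Shannon entropy of ICMP message types computed per time window and flagged when it departs abruptly from its learned mean, together with the packet-count-per-window check, as an added Python example. This is not the paper's own code; the packet sample, the 10-second window, the three-window baseline and the thresholds (k = 3 standard deviations with a 0.25-bit floor, a 3x rate factor) are constructed assumptions. The same key function can be pointed at source addresses or IP protocol numbers to obtain the other two entropies the abstract mentions.

```python
import math
from collections import Counter
from statistics import mean, pstdev

# Constructed sample traffic (not from the paper): each packet is
# (timestamp_seconds, icmp_type). ICMPv4 type values are used here; the same
# code runs unchanged on ICMPv6 type values.
def _make_window(start, type_counts):
    pkts = []
    i = 0
    for icmp_type, n in type_counts:
        for _ in range(n):
            pkts.append((start + (i % 10), icmp_type))  # spread over 10 s
            i += 1
    return pkts

SAMPLE_PACKETS = (
    _make_window(0,  [(8, 10), (0, 10), (3, 4), (11, 2)])   # normal mix
    + _make_window(10, [(8, 10), (0, 9),  (3, 5), (11, 2)])  # normal mix
    + _make_window(20, [(8, 11), (0, 10), (3, 4), (11, 3)])  # normal mix
    + _make_window(30, [(8, 200), (0, 2), (3, 1)])           # one type dominates
)

def shannon_entropy(counts):
    """Shannon entropy in bits of a Counter of observed field values."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values())

def window_entropies(packets, window_seconds, key):
    """Return [(window_index, entropy_of_key, packet_count)] sorted by window."""
    per_window = {}
    for pkt in packets:
        w = int(pkt[0] // window_seconds)
        per_window.setdefault(w, Counter())[key(pkt)] += 1
    return [(w, shannon_entropy(c), sum(c.values()))
            for w, c in sorted(per_window.items())]

def detect_entropy_shifts(stats, baseline_windows, k=3.0, min_margin=0.25):
    """Flag windows whose entropy leaves the band learned from the first
    `baseline_windows` windows: mean +/- max(k * stddev, min_margin).
    The floor keeps tiny jitter in a very stable baseline from alerting."""
    base = [e for _, e, _ in stats[:baseline_windows]]
    mu, sigma = mean(base), pstdev(base)
    margin = max(k * sigma, min_margin)
    return [w for w, e, _ in stats[baseline_windows:] if abs(e - mu) > margin]

def detect_rate_shifts(stats, baseline_windows, factor=3.0):
    """Flag windows whose packet count departs from the baseline mean
    by more than `factor` in either direction (the abstract's second result)."""
    base_rate = mean([n for _, _, n in stats[:baseline_windows]])
    return [w for w, _, n in stats[baseline_windows:]
            if n > factor * base_rate or n < base_rate / factor]

def run_demo(packets=SAMPLE_PACKETS, window_seconds=10, baseline_windows=3):
    """Entropy of the ICMP type field per window, plus both detectors."""
    stats = window_entropies(packets, window_seconds, key=lambda p: p[1])
    return (stats,
            detect_entropy_shifts(stats, baseline_windows),
            detect_rate_shifts(stats, baseline_windows))

if __name__ == "__main__":
    stats, ent_alerts, rate_alerts = run_demo()
    for w, e, n in stats:
        print(f"window {w}: H(type) = {e:.3f} bits, {n} packets")
    print("entropy alerts:", ent_alerts, "rate alerts:", rate_alerts)
```

On the constructed sample the three baseline windows sit near 1.79 bits, while the fourth window collapses to about 0.12 bits and carries roughly eight times the baseline packet count, so both detectors report window 3. In practice the baseline should be learned over many windows and re-estimated periodically, since the abstract's claim is stability of the mean, not a fixed constant.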
Keywords: ICMPv4; ICMPv6; Entropy; Anomaly Detection
Waixi Liu Shun-Zheng Yu
Department of Electronic and Communication Engineering, Sun Yat-Sen University, Guangzhou, P.R. China (both authors)
International conference
Taiyuan
English
Pages 10-13
2011-02-26 (date first posted online on the Wanfang platform; not the paper's publication date)