ON-LINE ANOMALY DETECTION BASED ON RELATIVE ENTROPY
Because the internet and computer networks are exposed to a rapidly increasing number of serious security threats, efficient and effective anomaly detection techniques have become a necessity for securing them. Traditional signature-based anomaly detection techniques failed to detect polymorphic and new security threats. In this paper, we propose an online worm detection system based on relative entropy. The system profiles network traffic features and then uses relative entropy to dynamically determine traffic changes. It then applies an adaptive filter to differentiate the traffic changes and determine whether the traffic is normal or contains worms. Our experimental results, using traffic traces collected on high-speed links, show that the proposed system is efficient for on-line anomaly detection.
Network anomaly detection; network entropy; relative network entropy
Altyeb Altaher, Sureswaran Ramadass, Bhavani Thuraisingham, Mohammad Mehedy
National Advanced IPv6 Center of Excellence, Universiti Sains Malaysia, Malaysia; The University of Texas at Dallas, USA
International conference
Shenzhen
English
33-36
2011-10-28 (date first posted online on the Wanfang platform; this is not the paper's publication date)