An empirical evaluation of entropy-based traffic anomaly detection

Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

Volumn , Issue , 2008, Pages 151-156

  Nychis, George ^a   Sekar, Vyas ^a   Andersen, David G ^a   Kim, Hyong ^a   Zhang, Hui ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

Anomaly detection; Entropy

Indexed keywords

ANOMALY DETECTION; BEHAVIORAL FEATURES; DEGREE DISTRIBUTIONS; EMPIRICAL EVALUATIONS; ENTROPY VALUES; IP ADDRESS; TIME-SERIES; TRAFFIC ANOMALIES; TRAFFIC DISTRIBUTIONS; TRAFFIC VOLUMES;

INTERNET; INTERNET PROTOCOLS; SEMICONDUCTING INTERMETALLICS;

ENTROPY;

EID: 63049084484     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1452520.1452539     Document Type: Conference Paper

References (20)

1. Snort. http://www.snort.org.
2. Argus. http://qosient.com/argus/.
3. Barford, P., Kline, J., Plonka, D., and Ron, A. A signal analysis of network traffic anomalies. In Proc. of IMW (2002).
4. Brauckhoff, D., Tellenbach, B., Wagner, A., Lakhina, A., and May, M. Impact of traffic sampling on anomaly detection metrics. In Proc. of ACM/USENIX IMC (2006).
5. Feinstein, L., Schnackenberg, D., Balupari, R., and Kindred, D. Statistical Approaches to DDoS Attack Detection and Response. In Proc. of DARPA Information Survivability Conference and Exposition (2003).
6. Jung, J., Paxson, V., Berger, A. W., and Balakrishnan, H. Fast Portscan Detection Using Sequential Hypothesis Testing. In Proc. of the IEEE Symposium on Security and Privacy (2004).
7. Karamcheti, V., Geiger, D., Kedem, Z., and Muthukrishnan, S. Detecting malicious network traffic using inverse distributions of packet contents. In Proc. of ACM SIGCOMM MineNet (2005).
8. Kazaa. www.kazaa.com.
9. Kumar, A., Sung, M., Xu, J., and Wang, J. Data streaming algorithms for efficient and accurate estimation of flow distribution. In Proc. of ACM SIGMETRICS (2004).
10. Lakhina, A., Crovella, M., and Diot, C. Mining anomalies using traffic feature distributions. In Proc. of ACM SIGCOMM (2005).
11. Lall, A., Sekar, V., Xu, J., Ogihara, M., and Zhang, H. Data streaming algorithms for estimating entropy of network traffic. In Proc. of ACM SIGMETRICS (2006).
12. Lee, W., and Xiang, D. Information-theoretic measures for anomaly detection. In Proc. of IEEE Symposium on Security and Privacy (2001).
13. Morrison, J. Blaster revisited. ACM Queue vol. 2 no. 4, June 2004.
14. Cisco Netflow. http://www.cisco.com/warp/public/732/Tech/nmp/netflow/ index.shtml.
15. Nychis, G., Sekar, V., Andersen, D. G., Kim, H., and Zhang, H. An Empirical Evaluation of Entropy-Based Traffic Anomaly Detection. Tech. Rep. CMU-CS-08-145, Computer Science Department, Carnegie Mellon University, 2008.
16. Phaal, P., Panchen, S., and Mckee, N. InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks. RFC 3176, 2001.
17. Trammell, B., and Boschi, E. Bidirectional Flow Export Using IP Flow Information Export (IPFIX). RFC 5103, 2008.
18. Wagner, A., and Plattner, B. Entropy Based Worm and Anomaly Detection in Fast IP Networks. In Proc. IEEE WET ICE (2005).
19. Xu, J., Fan, J., Ammar, M. H., and Moon, S. B. Prefix-preserving IP Address Anonymization: Measurement-based Security Evaluation and New Cryptography-based Scheme. In Proc. of IEEE ICNP (2002).
20. Xu, K., Zhang, Z., and Bhattacharyya, S. Profiling internet backbone traffic: Behavior models and applications. In Proc. of ACM SIGCOMM (2005).