This page has only limited features, please log in for full access.
Data mining is an interdisciplinary subfield of computer science involving methods at the intersection of artificial intelligence, machine learning and statistics. One of the data mining tasks is anomaly detection which is the analysis of large quantities of data to identify items, events or observations which do not conform to an expected pattern. Anomaly detection is applicable in a variety of domains, e.g., fraud detection, fault detection, system health monitoring but this article focuses on application of anomaly detection in the field of network intrusion detection.The main goal of the article is to prove that an entropy-based approach is suitable to detect modern botnet-like malware based on anomalous patterns in network. This aim is achieved by realization of the following points: (i) preparation of a concept of original entropy-based network anomaly detection method, (ii) implementation of the method, (iii) preparation of original dataset, (iv) evaluation of the method.
Przemysław Bereziński; Bartosz Jasiul; Marcin Szpyrka. An Entropy-Based Network Anomaly Detection Method. Entropy 2015, 17, 2367 -2408.
AMA StylePrzemysław Bereziński, Bartosz Jasiul, Marcin Szpyrka. An Entropy-Based Network Anomaly Detection Method. Entropy. 2015; 17 (4):2367-2408.
Chicago/Turabian StylePrzemysław Bereziński; Bartosz Jasiul; Marcin Szpyrka. 2015. "An Entropy-Based Network Anomaly Detection Method." Entropy 17, no. 4: 2367-2408.
Recently, entropy measures have shown a significant promise in detecting diverse set of network anomalies. While many different forms of entropy exist, only a few have been studied in the context of network anomaly detection. In the paper, results of our case study on entropy-based IP traffic anomaly detection are prestented. Besides the well-known Shannon approach and counter-based methods, variants of Tsallis and Renyi entropies combined with a set of feature distributions were employed to study their performance using a number of representative attack traces. Results suggest that parameterized entropies with a set of correctly selected feature distributions perform better than the traditional approach based on the Shannon entropy and counter-based methods.
Przemysław Bereziński; Józef Pawelec; Marek Małowidzki; Rafał Piotrowski. Entropy-Based Internet Traffic Anomaly Detection: A Case Study. Advances in Intelligent Systems and Computing 2014, 47 -58.
AMA StylePrzemysław Bereziński, Józef Pawelec, Marek Małowidzki, Rafał Piotrowski. Entropy-Based Internet Traffic Anomaly Detection: A Case Study. Advances in Intelligent Systems and Computing. 2014; ():47-58.
Chicago/Turabian StylePrzemysław Bereziński; Józef Pawelec; Marek Małowidzki; Rafał Piotrowski. 2014. "Entropy-Based Internet Traffic Anomaly Detection: A Case Study." Advances in Intelligent Systems and Computing , no. : 47-58.