Detection, Classification and Visualization of Anomalies using Generalized Entropy Metrics

@inproceedings{Tellenbach2013DetectionCA,
  title={Detection, Classification and Visualization of Anomalies using Generalized Entropy Metrics},
  author={Bernhard Tellenbach},
  year={2013}
}
Today, the Internet allows virtually anytime, anywhere access to a seemingly unlimited supply of information and services. Statistics such as the six-fold increase of U.S. online retail sales since 2000 illustrate its growing importance to the global economy, and fuel our demand for rapid, round-the-clock Internet provision. This growth has created a need for systems of control and management to regulate an increasingly complex infrastructure. Unfortunately, the prospect of making fast…
An Entropy-Based Network Anomaly Detection Method
TLDR
The main goal of the article is to prove that an entropy-based approach is suitable to detect modern botnet-like malware based on anomalous patterns in the network.
A Power Dissipation Monitoring Circuit for Intrusion Detection and Botnet Prevention on IoT Devices
TLDR
The present work introduces a circuit that is connected in series with the power supply of a smart device, specifically an IP camera, which allows analysis of its behavior and shows excellent performance in intrusion detection.
Entropy-Based Internet Traffic Anomaly Detection: A Case Study
TLDR
Results suggest that parameterized entropies with a set of correctly selected feature distributions perform better than the traditional approach based on the Shannon entropy and counter-based methods.
Distributed Denial of Service Attacks and Defense Mechanisms: Current Landscape and Future Directions
TLDR
This chapter largely focuses on the current landscape of DDoS attack detection and defense mechanisms and provides detailed information about the latest modus operandi of various network and application layer DDoS attacks, and presents an extended taxonomy to accommodate the novel attack types.
Distributed frameworks for detecting distributed denial of service attacks: A comprehensive review, challenges and future directions
TLDR
A comprehensive DDoS defense deployment taxonomy is presented and several existing distributed processing frameworks are characterized to select an appropriate one for deploying DDoS attack detection mechanisms.
Intrusion Detection and Botnet Prevention Circuit for IoT Devices
TLDR
This work aims to introduce a circuit connected inline to the device’s power supply and analyze its behavior, and shows excellent efficiency in intrusion detection, with a 100% success.
Detecting Networks Anomalies and Attacks Using 3D Visualization
TLDR
The main purpose of this paper is detecting network anomalies based on a 3D visualization of the computer network, where the interaction between the network administrator and the application happens in real time.
Entropy-Defined Direct Batch Growing Hierarchical Self-Organizing Mapping for Efficient Network Anomaly Detection
TLDR
The experimental results validate that the proposed model achieves a more efficient network anomaly detection than the conventional models, especially for real-world applications with unexpected anomaly data updating.
Versatile Cybersecurity
TLDR
This chapter introduces covert channels and focuses on a novel covert channel on Android-based Internet of Things (IoT) devices, able to make a covert channel using notifications a user gets from everyday applications.

References

SHOWING 1-10 OF 199 REFERENCES
Internet intrusions: global characteristics and prevalence
TLDR
A set of firewall logs collected over four months from over 1600 different networks worldwide is analyzed, finding that at daily timescales, intrusion targets often depict significant spatial trends that blur patterns observed from individual "IP telescopes"; this underscores the necessity for a more global approach to intrusion detection.
Practical anomaly detection based on classifying frequent traffic patterns
TLDR
A novel scheme and system to detect and classify anomalies, based on an elegant combination of frequent item-set mining with decision tree learning, that has a very low false-positive rate and is simple enough that an operator can easily comprehend how the detector and classifier operate.
Outside the Closed World: On Using Machine Learning for Network Intrusion Detection
TLDR
The main claim is that the task of finding attacks is fundamentally different from these other applications, making it significantly harder for the intrusion detection community to employ machine learning effectively.
Toward Credible Evaluation of Anomaly-Based Intrusion-Detection Methods
TLDR
The current state of experimental practice in the area of anomaly-based intrusion detection is reviewed: 276 studies in this area published during the period 2000-2008 are surveyed and the common pitfalls among the surveyed works are identified.
Cost-based modeling for fraud and intrusion detection: results from the JAM project
TLDR
There is clear evidence that state-of-the-art commercial fraud detection systems can be substantially improved in stopping losses due to fraud by combining multiple models of fraudulent transaction shared among banks.
Fast portscan detection using sequential hypothesis testing
TLDR
TRW (Threshold Random Walk), an online detection algorithm that identifies malicious remote hosts, requires a much smaller number of connection attempts compared to previous schemes, while also providing theoretical bounds on the low probabilities of missed detection and false alarms.
Mining anomalies using traffic feature distributions
TLDR
It is argued that the distributions of packet features observed in flow traces reveal both the presence and the structure of a wide range of anomalies, and that using feature distributions, anomalies naturally fall into distinct and meaningful clusters that can be used to automatically classify anomalies and to uncover new anomaly types.
An empirical evaluation of entropy-based traffic anomaly detection
TLDR
This work considers two classes of distributions: flow-header features (IP addresses, ports, and flow sizes), and behavioral features (degree distributions measuring the number of distinct destination/source IPs that each host communicates with), and observes that the time series of entropy values of the address and port distributions are strongly correlated with each other and provide very similar anomaly detection capabilities.