Detection, Classification and Visualization of Anomalies using Generalized Entropy Metrics
@inproceedings{Tellenbach2013DetectionCA, title={Detection, Classification and Visualization of Anomalies using Generalized Entropy Metrics}, author={Bernhard Tellenbach}, year={2013} }
Today, the Internet allows virtually anytime, anywhere access to a seemingly unlimited supply of information and services. Statistics such as the six-fold increase of U.S. online retail sales since 2000 illustrate its growing importance to the global economy, and fuel our demand for rapid, round-the-clock Internet provision. This growth has created a need for systems of control and management to regulate an increasingly complex infrastructure. Unfortunately, the prospect of making fast…
10 Citations
An Entropy-Based Network Anomaly Detection Method
- Computer Science; Entropy
- 2015
The main goal of the article is to prove that an entropy-based approach is suitable to detect modern botnet-like malware based on anomalous patterns in network.
D-FACE: An anomaly based distributed approach for early detection of DDoS attacks and flash events
- Computer Science; J. Netw. Comput. Appl.
- 2018
A Power Dissipation Monitoring Circuit for Intrusion Detection and Botnet Prevention on IoT Devices
- Computer Science; Comput.
- 2021
The present work introduces a circuit that is connected in series with the power supply of a smart device, specifically an IP camera, which allows analysis of its behavior and shows excellent performance in intrusion detection.
Entropy-Based Internet Traffic Anomaly Detection: A Case Study
- Computer Science; DepCoS-RELCOMEX
- 2014
Results suggest that parameterized entropies with a set of correctly selected feature distributions perform better than the traditional approach based on the Shannon entropy and counter-based methods.
Distributed Denial of Service Attacks and Defense Mechanisms: Current Landscape and Future Directions
- Computer Science
- 2018
This chapter largely focuses on the current landscape of DDoS attack detection and defense mechanisms and provides detailed information about the latest modus operandi of various network and application layer DDoS attacks, and presents an extended taxonomy to accommodate the novel attack types.
Distributed frameworks for detecting distributed denial of service attacks: A comprehensive review, challenges and future directions
- Computer Science; Concurr. Comput. Pract. Exp.
- 2021
A comprehensive DDoS defense deployment taxonomy is presented and several existing distributed processing frameworks are characterized to select an appropriate one for deploying DDoS attack detection mechanisms.
Intrusion Detection and Botnet Prevention Circuit for IoT Devices
- Computer Science; 2020 5th South-East Europe Design Automation, Computer Engineering, Computer Networks and Social Media Conference (SEEDA-CECNSM)
- 2020
This work aims to introduce a circuit connected inline to the device’s power supply and analyze its behavior, and shows excellent efficiency in intrusion detection, with a 100% success.
Detecting Networks Anomalies and Attacks Using 3D Visualization
- Computer Science
- 2015
The main purpose of this paper is detecting the network anomalies based on a 3D visualization of computer network based on the interactivity between network administrator and the application happens in real-time.
Entropy-Defined Direct Batch Growing Hierarchical Self-Organizing Mapping for Efficient Network Anomaly Detection
- Computer Science; IEEE Access
- 2021
The experimental results validate that the proposed model achieves a more efficient network anomaly detection than the conventional models, especially for real-world applications with unexpected anomaly data updating.
Versatile Cybersecurity
- Computer Science; Advances in Information Security
- 2018
This chapter introduces covert channels and focuses on a novel covert channel on Android-based Internet of Things (IoT) devices, able to make a covert channel using notifications a user gets from everyday applications.
References
Showing 1-10 of 199 references
An overview of anomaly detection techniques: Existing solutions and latest technological trends
- Computer Science; Comput. Networks
- 2007
Internet intrusions: global characteristics and prevalence
- Computer Science; SIGMETRICS '03
- 2003
A set of firewall logs collected over four months from over 1600 different networks world wide is analyzed, finding that at daily timescales, intrusion targets often depict significant spatial trends that blur patterns observed from individual "IP telescopes"; this underscores the necessity for a more global approach to intrusion detection.
Anomaly detection methods in wired networks: a survey and taxonomy
- Computer Science; Comput. Commun.
- 2004
Practical anomaly detection based on classifying frequent traffic patterns
- Computer Science; 2012 Proceedings IEEE INFOCOM Workshops
- 2012
A novel scheme and system to detect and classify anomalies, based on an elegant combination of frequent item-set mining with decision tree learning, that has a very low false-positive rate and is simple enough that an operator can easily comprehend how the detector and classifier operate.
Outside the Closed World: On Using Machine Learning for Network Intrusion Detection
- Computer Science; 2010 IEEE Symposium on Security and Privacy
- 2010
The main claim is that the task of finding attacks is fundamentally different from these other applications, making it significantly harder for the intrusion detection community to employ machine learning effectively.
Toward Credible Evaluation of Anomaly-Based Intrusion-Detection Methods
- Computer Science; IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews)
- 2010
The current state of experimental practice in anomaly-based intrusion detection is reviewed: 276 studies published during the period 2000-2008 are surveyed and the common pitfalls among them are identified.
Cost-based modeling for fraud and intrusion detection: results from the JAM project
- Computer Science; Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00
- 2000
There is clear evidence that state-of-the-art commercial fraud detection systems can be substantially improved in stopping losses due to fraud by combining multiple models of fraudulent transaction shared among banks.
Fast portscan detection using sequential hypothesis testing
- Computer Science; IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004
- 2004
TRW (Threshold Random Walk), an online detection algorithm that identifies malicious remote hosts, requires a much smaller number of connection attempts than previous schemes, while also providing theoretical bounds on the low probabilities of missed detection and false alarms.
Mining anomalies using traffic feature distributions
- Computer Science; SIGCOMM '05
- 2005
It is argued that the distributions of packet features observed in flow traces reveal both the presence and the structure of a wide range of anomalies, and that, using feature distributions, anomalies naturally fall into distinct and meaningful clusters that can be used to automatically classify anomalies and to uncover new anomaly types.
An empirical evaluation of entropy-based traffic anomaly detection
- Computer Science; IMC '08
- 2008
This work considers two classes of distributions: flow-header features (IP addresses, ports, and flow sizes) and behavioral features (degree distributions measuring the number of distinct destination/source IPs that each host communicates with). It observes that the time series of entropy values of the address and port distributions are strongly correlated with each other and provide very similar anomaly detection capabilities.