Entropy based worm and anomaly detection in fast IP networks

Arno Wagner and Bernhard Plattner
14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05)

Detecting massive network events like worm outbreaks in fast IP networks, such as Internet backbones, is hard. One problem is that the amount of traffic data does not allow real-time analysis of details. Another problem is that the specific characteristics of these events are not known in advance. There is a need for analysis methods that are real-time capable and can handle large amounts of traffic data. We have developed an entropy-based approach that determines and reports entropy contents of…
This paper has 254 citations.

Publications citing this paper.
Showing 1-10 of 157 extracted citations

Detecting network events via T-entropy

2007 6th International Conference on Information, Communications & Signal Processing • 2007

On Detecting Abrupt Changes in Network Entropy Time Series

Communications and Multimedia Security • 2011

An Overview of IP Flow-Based Intrusion Detection

IEEE Communications Surveys & Tutorials • 2010

A Novel Backbone Network Anomaly Detector via Clustering in Sketch Space

2018 IEEE Data Science Workshop (DSW) • 2018

Queryable Semantics to Detect Cyber-Attacks: A Flow-Based Detection Approach

IEEE Transactions on Systems, Man, and Cybernetics: Systems • 2018

Semantic Scholar estimates that this publication has 254 citations based on the available data.

Publications referenced by this paper.
Showing 1-8 of 8 references

An Introduction to Kolmogorov Complexity and Its Applications

Graduate Texts in Computer Science • 1997

MSBlast epidemic far larger than believed

R. Lemos
http://news.com.com/MSBlast+epidemic+far+larger+than+believed/2100-7349_3-5184439.html • 2004

Measurement and analysis of worm propagation on Internet network topology

Proceedings. 13th International Conference on Computer Communications and Networks (IEEE Cat. No.04EX969) • 2004

Swiss Internet Analysis

O. Müller, D. Graf, A. Oppermann, H. Weibel
http://www.swiss-internet-analysis.org/ • 2004

The Spread of the Witty Worm

IEEE Security & Privacy • 2004

Virus Bulletin: Virus information and overview - W32/Welchia. http://www.virusbtn.com/resources/viruses/welchia.xml

H. Gabor Szappanos VirusBuster

Monitoring and early warning for internet worms

ACM Conference on Computer and Communications Security • 2003
