On-line anomaly detection based on relative entropy

Altyeb Altaher, Sureswaran Ramadass, Bhavani Thuraisingham, Mohammad Mehedy

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Because the internet and computer networks are exposed to a rapidly increasing number of serious security threats, efficient and effective anomaly detection techniques have become a necessity to secure them. Traditional signature-based anomaly detection techniques failed to detect polymorphic and new security threats. In this paper, we propose an online worm detection system based on relative entropy. The system effectively profiles network traffic features and then uses relative entropy to dynamically determine the traffic changes. It then applies an adaptive filter to differentiate the traffic changes and determines whether the traffic is normal or contains worms. Our experimental results, using traffic trace collected in high-speed links, show that the proposed system is efficient for on-line anomaly detection.

Original language: English
Title of host publication: Proceedings - 2011 4th IEEE International Conference on Broadband Network and Multimedia Technology, IC-BNMT 2011
Pages: 33-36
Number of pages: 4
DOIs
Publication status: Published - 2011
Externally published: Yes
Event: 2011 4th IEEE International Conference on Broadband Network and Multimedia Technology, IC-BNMT 2011 - Shenzhen, China
Duration: Oct 28 2011 - Oct 30 2011

Publication series

Name: Proceedings - 2011 4th IEEE International Conference on Broadband Network and Multimedia Technology, IC-BNMT 2011

Other

Other: 2011 4th IEEE International Conference on Broadband Network and Multimedia Technology, IC-BNMT 2011
Country/Territory: China
City: Shenzhen
Period: 10/28/11 - 10/30/11

Keywords

  • Network anomaly detection
  • Network entropy
  • relative network entropy

ASJC Scopus subject areas

  • Computer Networks and Communications
