Abnormal network traffic detection approach based on alive entropy

Xiang Kun Mu; Jin Song Wang; Yu Feng Xue; Wei Huang

doi:10.3969/j.issn.1000-436x.2013.z2.011

Abnormal network traffic detection approach based on alive entropy

Xiang Kun Mu^*, Jin Song Wang, Yu Feng Xue, Wei Huang

^*Corresponding author for this work

Tianjin University of Technology

Research output: Contribution to journal › Article › peer-review

7 Citations (Scopus)

Abstract

A novel alive entropy-based detection approach was proposed, which detects the abnormal network traffic based on the values of alive entropies. The alive entropies calculated based on the NetFlow data coming from the network traffic of input and output of a whole system, which is essentially a monitored network. In order to decrease false positive rate of abnormal network traffic, different scales are selected to compute the values of alive entropies in different sizes of network traffic. With the low false positive rate of abnormal network traffic, the abnormal network traffic can be effectively detected. Experiments carried out on a real campus network were used to evaluate the effectiveness of the proposed approach. A comparative study illustrates that the proposed approach may easily detect the abnormal network traffic with random characteristics in comparison with some "conventional" approaches reported in the literatures.

Original language	English
Pages (from-to)	51-57
Number of pages	7
Journal	Tongxin Xuebao/Journal on Communications
Volume	34
Issue number	SUPPL.2
DOIs	https://doi.org/10.3969/j.issn.1000-436x.2013.z2.011
Publication status	Published - Sept 2013
Externally published	Yes

Keywords

Abnormal traffic detection
Alive entropy
NetFlow analysis
Network traffic

Access to Document

10.3969/j.issn.1000-436x.2013.z2.011

Cite this

@article{d89c5d5d504a45caba74be0d0964b291,

title = "Abnormal network traffic detection approach based on alive entropy",

abstract = "A novel alive entropy-based detection approach was proposed, which detects the abnormal network traffic based on the values of alive entropies. The alive entropies calculated based on the NetFlow data coming from the network traffic of input and output of a whole system, which is essentially a monitored network. In order to decrease false positive rate of abnormal network traffic, different scales are selected to compute the values of alive entropies in different sizes of network traffic. With the low false positive rate of abnormal network traffic, the abnormal network traffic can be effectively detected. Experiments carried out on a real campus network were used to evaluate the effectiveness of the proposed approach. A comparative study illustrates that the proposed approach may easily detect the abnormal network traffic with random characteristics in comparison with some {"}conventional{"} approaches reported in the literatures.",

keywords = "Abnormal traffic detection, Alive entropy, NetFlow analysis, Network traffic",

author = "Mu, {Xiang Kun} and Wang, {Jin Song} and Xue, {Yu Feng} and Wei Huang",

year = "2013",

month = sep,

doi = "10.3969/j.issn.1000-436x.2013.z2.011",

language = "English",

volume = "34",

pages = "51--57",

journal = "Tongxin Xuebao/Journal on Communications",

issn = "1000-436X",

publisher = "Posts &Telecom Press",

number = "SUPPL.2",

}

TY - JOUR

T1 - Abnormal network traffic detection approach based on alive entropy

AU - Mu, Xiang Kun

AU - Wang, Jin Song

AU - Xue, Yu Feng

AU - Huang, Wei

PY - 2013/9

Y1 - 2013/9

N2 - A novel alive entropy-based detection approach was proposed, which detects the abnormal network traffic based on the values of alive entropies. The alive entropies calculated based on the NetFlow data coming from the network traffic of input and output of a whole system, which is essentially a monitored network. In order to decrease false positive rate of abnormal network traffic, different scales are selected to compute the values of alive entropies in different sizes of network traffic. With the low false positive rate of abnormal network traffic, the abnormal network traffic can be effectively detected. Experiments carried out on a real campus network were used to evaluate the effectiveness of the proposed approach. A comparative study illustrates that the proposed approach may easily detect the abnormal network traffic with random characteristics in comparison with some "conventional" approaches reported in the literatures.

AB - A novel alive entropy-based detection approach was proposed, which detects the abnormal network traffic based on the values of alive entropies. The alive entropies calculated based on the NetFlow data coming from the network traffic of input and output of a whole system, which is essentially a monitored network. In order to decrease false positive rate of abnormal network traffic, different scales are selected to compute the values of alive entropies in different sizes of network traffic. With the low false positive rate of abnormal network traffic, the abnormal network traffic can be effectively detected. Experiments carried out on a real campus network were used to evaluate the effectiveness of the proposed approach. A comparative study illustrates that the proposed approach may easily detect the abnormal network traffic with random characteristics in comparison with some "conventional" approaches reported in the literatures.

KW - Abnormal traffic detection

KW - Alive entropy

KW - NetFlow analysis

KW - Network traffic

UR - http://www.scopus.com/inward/record.url?scp=84891554766&partnerID=8YFLogxK

U2 - 10.3969/j.issn.1000-436x.2013.z2.011

DO - 10.3969/j.issn.1000-436x.2013.z2.011

M3 - Article

AN - SCOPUS:84891554766

SN - 1000-436X

VL - 34

SP - 51

EP - 57

JO - Tongxin Xuebao/Journal on Communications

JF - Tongxin Xuebao/Journal on Communications

IS - SUPPL.2

ER -

Abnormal network traffic detection approach based on alive entropy

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this