Using Entropy Spaces and Mixtures of Gaussian Distributions to Characterize Traffic Anomalies

Bibliographic Details
Published in: Procedia technology 2012, Vol.3, p.97-108
Main Authors: Velarde-Alvarado, Pablo, Martínez-Herrera, Alberto F., Iriarte-Solis, Adalberto
Format: Article
Language: English
Description
Summary: In this paper, a technique for detecting anomalous behavior traffic in a computer network is presented. The entropy space method is based on a 3D-space built on a flow-packet level. The complete set of points obtained in the 3D-space can be seen as a data cloud. Each 3D point in the space is a value of the obtained clusters for each slot of the network traffic. The selected features for the set of points are done by applying Pattern Recognition, Principal Component Analysis, and Kernel Density Estimation. At the next stage, the network traffic can be modelled by using Gaussian Mixtures and Extreme Generalized Distributions, which define the behavior of each selected feature. By integrating this model in an Anomaly-based Intrusion Detection System, anomalous behaviour traffic can be detected easily and early. The effectiveness and feasibility of this model were tested in a Local Area Network of a Campus.
ISSN: 2212-0173
DOI: 10.1016/j.protcy.2012.03.011