Title :
An On-Line Anomaly Detection Method Based on a New Stationary Metric - Entropy-Ratio
Author :
Ziyu Wang ; Jiahai Yang ; Fuliang Li
Author_Institution :
Inst. for Network Sci. & Cyberspace, Tsinghua Univ., Beijing, China
Abstract :
Anomaly detection has been a hot topic in recent years due to its capability of detecting zero-day attacks. In this paper, we propose a new metric called Entropy-Ratio. We validate that the Entropy-Ratio is stationary. Making use of this observation, we combine the Least Mean Square algorithm and the Forward Linear Predictor to propose a new on-line detector called the LMS-FLP detector. Using the two synthetic data sets - CEGI-6IX synthetic data and CERNET2 synthetic data, we validate that the LMS-FLP detector is very effective in detecting both anomalies involving many small IP flows and anomalies involving a few large IP flows.
Keywords :
IP networks; computer network security; entropy; least mean squares methods; CEGI-6IX synthetic data set; CERNET2 synthetic data set; forward linear predictor; large-IP flows; least mean square algorithm; online LMS-FLP detector; online anomaly detection method; small-IP flows; stationary entropy-ratio metric; zero-day attack detection capability; Detectors; Educational institutions; Entropy; Equations; IP networks; Mathematical model; Vectors; Entropy-Ratio; Forward Linear Predictor; Least Mean Square; anomaly detection;
Conference_Title :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on
Conference_Location :
Beijing
DOI :
10.1109/TrustCom.2014.16