Title :
Application of Kolmogorov complexity in anomaly detection
Author_Institution :
Tata Consultancy Services, Innovation Labs., Kolkata, India
Date :
Oct. 31 2010-Nov. 3 2010
Abstract :
Kolmogorov complexity is the basis of algorithmic randomness theory. It quantifies the amount of information in an individual object, which is measured by the size of its smallest algorithmic description. The concept of Kolmogorov complexity is used in many applications such as spam filtering, data compression, and information assurance. In this paper, we present the application of Kolmogorov complexity in the network security field, particularly for anomaly detection. In order to accomplish that, it is assumed that most network attacks change the structure of the traffic. This enforces an anomaly, and hence a subsequent intrusion can be detected if the structure or signature of the traffic flow is investigated. From this notion, we propose a signature-based anomaly detection scheme. We show through simulation results that with the help of Kolmogorov complexity, we can detect traffic pattern abnormality in a simplistic way. This detection and quantification of traffic pattern eventually lead to anomaly detection.
Keywords :
communication complexity; security of data; telecommunication security; telecommunication traffic; Kolmogorov complexity; algorithmic randomness theory; anomaly detection; network attacks; network security; traffic flow; traffic pattern abnormality; Analytical models; Complexity theory; Computers; Detectors; Indexes; Measurement; Simulation; IDS; anomaly detection; intrusion detection; kolmogorov complexity;
Conference_Title :
Communications (APCC), 2010 16th Asia-Pacific Conference on
Conference_Location :
Auckland
Print_ISBN :
978-1-4244-8128-6
Electronic_ISBN :
978-1-4244-8127-9
DOI :
10.1109/APCC.2010.5679753