• DocumentCode
    267172
  • Title

    A Wavelet Entropy-Based Change Point Detection on Network Traffic: A Case Study of Heartbleed Vulnerability

  • Author

    Chonho Lee ; Liu Yi ; Li-Hau Tan ; Weihan Goh ; Bu-Sung Lee ; Chai-Kiat Yeo

  • Author_Institution
    Sch. of Comput. Eng., Nanyang Technol. Univ., Singapore, Singapore
  • fYear
    2014
  • fDate
    15-18 Dec. 2014
  • Firstpage
    995
  • Lastpage
    1000
  • Abstract
    This paper investigates network traffic before and after a vulnerability called Heartbleed became a public issue, around March to May 2014. To detect anomalies and potential threats due to the vulnerability, a wavelet entropy-based change-point detection method is proposed and compared with three other methods: prediction-based, clustering-based and Fourier transform-based. We show that the proposed wavelet entropy-based method outperforms the others in terms of ease of parameter setting, false alarms and detection accuracy. Using the proposed method and a visualization tool, we have studied the Heartbleed vulnerability and successfully captured changes in packet volume and flow.
  • Keywords
    Fourier transforms; computer network security; data visualisation; pattern clustering; telecommunication traffic; wavelet transforms; Fourier transform-based method; clustering-based method; false alarm; heartbleed vulnerability; network traffic; parameter setting; potential threats; prediction-based method; public issue; visualization tool; wavelet entropy-based change point detection; Entropy; Google; Ports (Computers); Security; Time series analysis; Time-frequency analysis; Wavelet transforms; Change-point detection; Cyber-security; Network traffic; Vulnerability;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Cloud Computing Technology and Science (CloudCom), 2014 IEEE 6th International Conference on
  • Conference_Location
    Singapore
  • Type

    conf

  • DOI
    10.1109/CloudCom.2014.78
  • Filename
    7037796