Network Anomaly Detection Using Parameterized Entropy

Bereziński, Przemysław; Szpyrka, Marcin; Jasiul, Bartosz; Mazur, Michał

doi:10.1007/978-3-662-45237-0_43

Cited by 21 publications

(13 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To produce synthetic anomaly traces a dedicated tool in Python language was developed. More details about the tool and the generation process can be found in our research [126].…”

Section: Legitimate Trafficmentioning

confidence: 99%

An Entropy-Based Network Anomaly Detection Method

Bereziński

Jasiul

Szpyrka

2015

Entropy

Self Cite

163

View full text Add to dashboard Cite

Data mining is an interdisciplinary subfield of computer science involving methods at the intersection of artificial intelligence, machine learning and statistics. One of the data mining tasks is anomaly detection which is the analysis of large quantities of data to identify items, events or observations which do not conform to an expected pattern. Anomaly detection is applicable in a variety of domains, e.g., fraud detection, fault detection, system health monitoring but this article focuses on application of anomaly detection in the field of network intrusion detection.The main goal of the article is to prove that an entropy-based approach is suitable to detect modern botnet-like malware based on anomalous patterns in network. This aim is achieved by realization of the following points: (i) preparation of a concept of original entropy-based network anomaly detection method, (ii) implementation of the method, (iii) preparation of original dataset, (iv) evaluation of the method.

show abstract

“…To produce synthetic anomaly traces a dedicated tool in Python language was developed. More details about the tool and the generation process can be found in our research [126].…”

Section: Legitimate Trafficmentioning

confidence: 99%

An Entropy-Based Network Anomaly Detection Method

Bereziński

Jasiul

Szpyrka

2015

Entropy

Self Cite

163

View full text Add to dashboard Cite

show abstract

“…Great effort has been put lately in static analysis of malicious codes because this technique generally has brought good accuracy in malware detection [3], [14], [25]. Even though it is an appropriate technique [16] in case of traditionally compiled machine code, the most difficult problem it faces is difficulty to handle obfuscated binaries [28].…”

Section: Malware Detection Techniques -An Overviewmentioning

confidence: 99%

Malware Behavior Modeling with Colored Petri Nets

Jasiul

Szpyrka

Śliwa

2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Part 9: Various Aspects of Computer SecurityInternational audienceWe propose a solution which provides a system operator with a mechanism that enables tracking and tracing of malware behavior which – in consequence – leads to its detection and neutralization. The detection is performed in two steps. Firstly single malicious activities are identified and filtered out. As they come from the identification module, they are compared with malware models constructed in the form of Colored Petri nets. In this article we present our approach to malware modeling. Proposed method was implemented and practically verified in laboratory environment with emulated malicious activity at the hosts level

show abstract

“…Network anomaly detection is becoming an essential area of research. The growing number of IP networks threats and the growing volume of transmitted data require new methods of network traffic data analysis [8], [13]. For the purpose of this work, a part of the university network was selected to capture data for analysis.…”

Section: Usability Studiesmentioning

confidence: 99%

Classifiers for Behavioral Patterns Identification Induced from Huge Temporal Data

Bazan

Szczur

Dydo

et al. 2016

Self Cite

View full text Add to dashboard Cite

Abstract.A new method of constructing classifiers from huge volume of temporal data is proposed in the paper. The novelty of introduced method lies in a multi-stage approach to constructing hierarchical classifiers that combines process mining, feature extraction based on temporal patterns and constructing classifiers based on a decision tree. Such an approach seems to be practical when dealing with huge volume of temporal data. As a proof of concept a system has been constructed for packet-based network traffic anomaly detection, where anomalies are represented by spatio-temporal complex concepts and called by behavioral patterns. Hierarchical classifiers constructed with the new approach turned out to be better than "flat" classifiers based directly on captured network traffic data.

show abstract

Network Anomaly Detection Using Parameterized Entropy

Cited by 21 publications

References 18 publications

An Entropy-Based Network Anomaly Detection Method

An Entropy-Based Network Anomaly Detection Method

Malware Behavior Modeling with Colored Petri Nets

Classifiers for Behavioral Patterns Identification Induced from Huge Temporal Data

Contact Info

Product

Resources

About