On Detecting Abrupt Changes in Network Entropy Time Series

Winter, Philipp; Lampesberger, Harald; Zeilinger, Markus; Hermann, Eckehard

doi:10.1007/978-3-642-24712-5_18

Cited by 18 publications

(17 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The significances of these two cases are different. Entropybased approaches for anomaly detection are appealing since they provide more fine-grained insights than traditional traffic volume analysis [31]. We are looking for abrupt changes, both the sharp increase and the sharp decline, in network entropy time series.…”

Section: Timeline Viewmentioning

confidence: 99%

A Matrix-Based Visualization System for Network Traffic Forensics

Shi

Yang

Zhao

et al. 2016

IEEE Systems Journal

View full text Add to dashboard Cite

Network forensics requires analysts to efficiently reason about various attack phenomena from massive data. Visualization techniques can convert abstract data into visual sensitive graphics; thus, forensic officers can extract useful information quickly. In this paper, we present a matrix-based visualization system for visualized forensic analysis on unintelligible traffic datasets. The system consists of three collaborative views, including the Timeline view integrating active features and individual dispersions based on information entropies for the perception of the overall time series, the Matrix view balancing the expression of network structure and distributions of IPs and ports for efficient events tracing, and the Historical view comparing statuses in successive time slots for dynamic trends tracking. The system provides a multilevel analysis architecture and multifaceted perspectives for comprehensive cognition in traffic forensics. In case studies, we describe the forensic process of this system, including identifying port scan, distributed denial of service, and botnet attacks, on the datasets in VAST Challenge 2013.

show abstract

Section: Timeline Viewmentioning

confidence: 99%

A Matrix-Based Visualization System for Network Traffic Forensics

Shi

Yang

Zhao

et al. 2016

IEEE Systems Journal

View full text Add to dashboard Cite

show abstract

“…Network flows are summaries; they provide unidirectional or bidirectional meta information about network packets that share the same source and destination, IP address, ports, and IP protocol number [83,199]. Any activity on the network layer creates flows, including UDP and ICMP.…”

Section: Network Layermentioning

confidence: 99%

Monitoring of Client-Cloud Interaction

Lampesberger

Rady

2015

Correct Software in Web Applications and Web Services

Self Cite

View full text Add to dashboard Cite

When a client consumes a cloud service, computational liabilities are transferred to the service provider in accordance to the cloud paradigm, and the client loses some control over software components. One way to raise assurance about correctness and dependability of a consumed service and its software components is monitoring. In particular, a monitor is a system that observes the behavior of another system, and observation points that expose the target system's state and state changes are required. Due to the cloud paradigm, popular techniques for monitoring such as code instrumentation are often not available to the client because of limited visibility, lack of control, and black-box software components. Based on a literature review, we identify potential observation points in today's cloud services. Furthermore, we investigate two cloud-specific monitoring applications based on our ongoing research. While service level agreement (SLA) monitoring ensures that agreed-upon conditions between clients and providers are met, language-based anomaly detection monitors the interaction between client and cloud for misuse attempts.

show abstract

“…In [3], the authors proposed linear exponential smoothing to detect Flooding and Scanning DDoS attacks using bytes, flows, and packets per minutes. They report a 24hour training time and a window size of 5 minutes to accurately detect deviations in traffic.…”

Section: Related Studiesmentioning

confidence: 99%

“…TES also considers trend in data and seasonality. Although such assumptions and additional elements are useful in other applications, such as making stock market predictions, there is no need to adopt any of these techniques due to the network traffic being unaffected by any trend or seasonality as the authors in [3] claim. The formula of SES is shown in…”

Section: Forchaos Detection Algorithmmentioning

confidence: 99%

ForChaos: Real Time Application DDoS Detection Using Forecasting and Chaos Theory in Smart Home IoT Network

Procopiou

Komninos

Douligeris

2019

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Recently, D/DoS attacks have been launched by zombie IoT devices in smart home networks. They pose a great threat to network systems with Application Layer DDoS attacks being especially hard to detect due to their stealth and seemingly legitimacy. In this paper, we propose ForChaos, a lightweight detection algorithm for IoT devices, which is based on forecasting and chaos theory to identify flooding and DDoS attacks. For every time-series behaviour collected, a forecasting-technique prediction is generated, based on a number of features, and the error between the two values is calculated. In order to assess the error of the forecasting from the actual value, the Lyapunov exponent is used to detect potential malicious behaviour. In NS-3 we evaluate our detection algorithm through a series of experiments in flooding and slow-rate DDoS attacks. The results are presented and discussed in detail and compared with related studies, demonstrating its effectiveness and robustness.

show abstract

On Detecting Abrupt Changes in Network Entropy Time Series

Cited by 18 publications

References 12 publications

A Matrix-Based Visualization System for Network Traffic Forensics

A Matrix-Based Visualization System for Network Traffic Forensics

Monitoring of Client-Cloud Interaction

ForChaos: Real Time Application DDoS Detection Using Forecasting and Chaos Theory in Smart Home IoT Network

Contact Info

Product

Resources

About