JCC Vol.2 No.11, September 2014
Information Theory and Data-Mining Techniques for Network Traffic Profiling for Intrusion Detection
Abstract: In this paper we propose information-theoretic and data-mining techniques that extract knowledge of network traffic behaviour at the packet level and at the flow level, which can be applied to traffic profiling in intrusion detection systems. Empirical analysis of our profiles, using the rate of remaining features at the packet level and three-dimensional entropy spaces at the flow level, provides fast detection of intrusions caused by port scanning and worm attacks.
Cite this paper: Velarde-Alvarado, P., Martinez-Pelaez, R., Ruiz-Ibarra, J. and Morales-Rocha, V. (2014) Information Theory and Data-Mining Techniques for Network Traffic Profiling for Intrusion Detection. Journal of Computer and Communications, 2, 24-30. doi: 10.4236/jcc.2014.211003.
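The flow-level idea in the abstract, an entropy value per flow feature that together locate a time window as a point in a three-dimensional space, can be made concrete with a small script. The following is an added example and is not code from the paper; the three dimensions (source IP, destination IP, destination port), the normalisation by log2 of the number of flows, the 0.3 deviation threshold and the flow records themselves are all assumptions made here, not values taken from the page.

```python
import math
from collections import Counter

# Constructed flow records (src_ip, dst_ip, dst_port). These are made-up
# samples for illustration, not traffic from the paper's traces.
BASELINE = [
    ("10.0.0.1", "93.184.216.34", 80),
    ("10.0.0.1", "93.184.216.34", 80),
    ("10.0.0.2", "1.1.1.1", 53),
    ("10.0.0.2", "1.1.1.1", 53),
    ("10.0.0.3", "140.82.112.3", 443),
    ("10.0.0.3", "140.82.112.3", 443),
    ("10.0.0.4", "10.0.0.10", 22),
    ("10.0.0.4", "10.0.0.10", 22),
]
# One host probing one target on many ports: the shape of a port scan.
SCAN_WINDOW = [("10.0.0.99", "10.0.0.5", port) for port in range(1, 9)]

# Assumed dimensions of the entropy space (the page does not name them).
DIMENSIONS = ("src_ip", "dst_ip", "dst_port")


def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    counts = Counter(values)
    n = sum(counts.values())
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def normalized_entropy(values):
    """Entropy scaled to [0, 1] by log2(n), the maximum for n flows.

    0 means every flow shares the same value; 1 means every flow differs.
    A window of a single flow carries no information and is reported as 0.
    """
    n = len(values)
    if n <= 1:
        return 0.0
    return shannon_entropy(values) / math.log2(n)


def entropy_point(flows):
    """Map a window of flows to a point in the 3-D entropy space."""
    return {
        name: normalized_entropy([flow[i] for flow in flows])
        for i, name in enumerate(DIMENSIONS)
    }


def deviation(baseline_point, window_point):
    """Per-dimension shift of a window relative to the learned baseline."""
    return {k: window_point[k] - baseline_point[k] for k in DIMENSIONS}


def is_anomalous(baseline_point, window_point, threshold=0.3):
    """Flag the window if any dimension moves more than the assumed threshold."""
    return any(abs(d) > threshold for d in deviation(baseline_point, window_point).values())


if __name__ == "__main__":
    base = entropy_point(BASELINE)
    win = entropy_point(SCAN_WINDOW)
    print("baseline:", base)
    print("window:  ", win)
    print("shift:   ", deviation(base, win))
    print("anomalous:", is_anomalous(base, win))
```

With the constructed data the baseline sits near (0.67, 0.67, 0.67), while the scan window collapses the source and destination address dimensions to 0 and pushes destination port entropy to 1.0; a worm sweeping many hosts on one port would instead collapse the port dimension and raise destination-address entropy, which is why a per-dimension view separates the two cases that a single aggregate counter would not.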