Entropy analysis method for attacks detection

Tamara Radivilova; Lyudmyla Kirichenko; Abed Saif Alghawli

doi:10.1109/PICST47496.2019.9061451

Entropy analysis method for attacks detection

Tamara Radivilova, Lyudmyla Kirichenko, Abed Saif Alghawli

Computer Sciences

Kharkiv National University of Radio Electronics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

9 Scopus citations

Abstract

The paper proposes and implements a network traffic analysis method for detecting attacks, which is based on protocol analysis and the maximum entropy method. To analyze the quality of functioning of the proposed method, we used data from a data set that contains traffic of various protocols and DDoS attacks, UDP floods, TCP SYN streams, Ping of Death attacks, and HTTP flood attacks. The proposed method for analyzing the maximum entropy was software implemented and the results of its work showed high-quality attack detection. The method can detect various attacks with a probability of about 94%, while false-positive values did not exceed 10%. The advantage of the method is the early detection of intrusions, due to the rapid calculation of the maximum entropy using the sliding window method.

Original language	English
Title of host publication	2019 IEEE International Scientific-Practical Conference
Subtitle of host publication	Problems of Infocommunications Science and Technology, PIC S and T 2019 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	443-446
Number of pages	4
ISBN (Electronic)	9781728141848
DOIs	https://doi.org/10.1109/PICST47496.2019.9061451
State	Published - Oct 2019
Event	2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019 - Kyiv, Ukraine Duration: 8 Oct 2019 → 11 Oct 2019

Publication series

Name	2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019 - Proceedings

Conference

Conference	2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019
Country/Territory	Ukraine
City	Kyiv
Period	8/10/19 → 11/10/19

Keywords

Anomaly detection
Attack identification systems
DDoS attacks
Maximum entropy
Network traffic
Protocol analysis

Access to Document

10.1109/PICST47496.2019.9061451

Cite this

Radivilova, T., Kirichenko, L., & Alghawli, A. S. (2019). Entropy analysis method for attacks detection. In 2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019 - Proceedings (pp. 443-446). Article 9061451 (2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019 - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/PICST47496.2019.9061451

Radivilova, Tamara ; Kirichenko, Lyudmyla ; Alghawli, Abed Saif. / Entropy analysis method for attacks detection. 2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 443-446 (2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019 - Proceedings).

@inproceedings{5d6b245267404234a79cf673b2379fa8,

title = "Entropy analysis method for attacks detection",

abstract = "The paper proposes and implements a network traffic analysis method for detecting attacks, which is based on protocol analysis and the maximum entropy method. To analyze the quality of functioning of the proposed method, we used data from a data set that contains traffic of various protocols and DDoS attacks, UDP floods, TCP SYN streams, Ping of Death attacks, and HTTP flood attacks. The proposed method for analyzing the maximum entropy was software implemented and the results of its work showed high-quality attack detection. The method can detect various attacks with a probability of about 94\%, while false-positive values did not exceed 10\%. The advantage of the method is the early detection of intrusions, due to the rapid calculation of the maximum entropy using the sliding window method.",

keywords = "Anomaly detection, Attack identification systems, DDoS attacks, Maximum entropy, Network traffic, Protocol analysis",

author = "Tamara Radivilova and Lyudmyla Kirichenko and Alghawli, \{Abed Saif\}",

note = "Publisher Copyright: {\textcopyright} 2019 IEEE.; 2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019 ; Conference date: 08-10-2019 Through 11-10-2019",

year = "2019",

month = oct,

doi = "10.1109/PICST47496.2019.9061451",

language = "English",

series = "2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "443--446",

booktitle = "2019 IEEE International Scientific-Practical Conference",

address = "United States",

}

Radivilova, T, Kirichenko, L & Alghawli, AS 2019, Entropy analysis method for attacks detection. in 2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019 - Proceedings., 9061451, 2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019 - Proceedings, Institute of Electrical and Electronics Engineers Inc., pp. 443-446, 2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019, Kyiv, Ukraine, 8/10/19. https://doi.org/10.1109/PICST47496.2019.9061451

Entropy analysis method for attacks detection. / Radivilova, Tamara; Kirichenko, Lyudmyla; Alghawli, Abed Saif.
2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2019. p. 443-446 9061451 (2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019 - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Entropy analysis method for attacks detection

AU - Radivilova, Tamara

AU - Kirichenko, Lyudmyla

AU - Alghawli, Abed Saif

PY - 2019/10

Y1 - 2019/10

N2 - The paper proposes and implements a network traffic analysis method for detecting attacks, which is based on protocol analysis and the maximum entropy method. To analyze the quality of functioning of the proposed method, we used data from a data set that contains traffic of various protocols and DDoS attacks, UDP floods, TCP SYN streams, Ping of Death attacks, and HTTP flood attacks. The proposed method for analyzing the maximum entropy was software implemented and the results of its work showed high-quality attack detection. The method can detect various attacks with a probability of about 94%, while false-positive values did not exceed 10%. The advantage of the method is the early detection of intrusions, due to the rapid calculation of the maximum entropy using the sliding window method.

AB - The paper proposes and implements a network traffic analysis method for detecting attacks, which is based on protocol analysis and the maximum entropy method. To analyze the quality of functioning of the proposed method, we used data from a data set that contains traffic of various protocols and DDoS attacks, UDP floods, TCP SYN streams, Ping of Death attacks, and HTTP flood attacks. The proposed method for analyzing the maximum entropy was software implemented and the results of its work showed high-quality attack detection. The method can detect various attacks with a probability of about 94%, while false-positive values did not exceed 10%. The advantage of the method is the early detection of intrusions, due to the rapid calculation of the maximum entropy using the sliding window method.

KW - Anomaly detection

KW - Attack identification systems

KW - DDoS attacks

KW - Maximum entropy

KW - Network traffic

KW - Protocol analysis

UR - http://www.scopus.com/inward/record.url?scp=85083646268&partnerID=8YFLogxK

U2 - 10.1109/PICST47496.2019.9061451

DO - 10.1109/PICST47496.2019.9061451

M3 - Conference contribution

AN - SCOPUS:85083646268

T3 - 2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019 - Proceedings

SP - 443

EP - 446

BT - 2019 IEEE International Scientific-Practical Conference

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019

Y2 - 8 October 2019 through 11 October 2019

ER -

Radivilova T, Kirichenko L, Alghawli AS. Entropy analysis method for attacks detection. In 2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2019. p. 443-446. 9061451. (2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019 - Proceedings). doi: 10.1109/PICST47496.2019.9061451

Entropy analysis method for attacks detection

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this