%0 Conference Proceedings
%T Network Anomaly Detection Using Parameterized Entropy
%+ Military Communication Institute [Zegrze] (MCI)
%+ AGH University of Science and Technology [Krakow, PL] (AGH UST)
%A Bereziński, Przemysław
%A Szpyrka, Marcin
%A Jasiul, Bartosz
%A Mazur, Michał
%Z Part 7: Networking
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 13th IFIP International Conference on Computer Information Systems and Industrial Management (CISIM)
%C Ho Chi Minh City, Vietnam
%Y Khalid Saeed
%Y Václav Snášel
%I Springer
%3 Computer Information Systems and Industrial Management
%V LNCS-8838
%P 465-478
%8 2014-11-05
%D 2014
%R 10.1007/978-3-662-45237-0_43
%K anomaly detection
%K entropy
%K netflow
%K network traffic measurement
%Z Computer Science [cs]
%Z Humanities and Social Sciences/Library and information sciencesConference papers
%X Entropy-based anomaly detection has recently been extensively studied in order to overcome weaknesses of traditional volume and rule based approaches to network flows analysis. From many entropy measures only Shannon, Titchener and parameterized Renyi and Tsallis entropies have been applied to network anomaly detection. In the paper, our method based on parameterized entropy and supervised learning is presented. With this method we are able to detect a broad spectrum of anomalies with low false positive rate. In addition, we provide information revealing the anomaly type. The experimental results suggest that our method performs better than Shannon-based and volume-based approach.
%G English
%Z TC 8
%2 https://inria.hal.science/hal-01405630/document
%2 https://inria.hal.science/hal-01405630/file/978-3-662-45237-0_43_Chapter.pdf
%L hal-01405630
%U https://inria.hal.science/hal-01405630
%~ SHS
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC8
%~ IFIP-LNCS-8838
%~ IFIP-CISIM