ARTICLE
TITLE

An Entropy-based Method for Attack Detection in Large Scale Network

SUMMARY

An Intrusion Detection System (IDS) typically generates a huge number of alerts with a high false alert rate, especially in large-scale networks, which poses a major challenge to the efficiency and accuracy of network attack detection. In this paper, an entropy-based method is proposed to analyze the numerous IDS alerts and detect real network attacks. We use Shannon entropy to examine the distribution of the source IP address, destination IP address, source threat, destination threat and datagram length of IDS alerts, and employ Renyi cross entropy to fuse the Shannon entropy vector to detect network attacks. In the experiment, we deploy Snort to monitor part of the Xi’an Jiaotong University (XJTU) campus network, comprising 32 C-class networks (more than 4000 users), and gather more than 40,000 alerts per hour on average. The entropy-based method is employed to analyze those alerts and detect network attacks. The experimental results show that our method can detect 96% of attacks with a very low false alert rate.
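The pipeline the summary describes, sketched as an added example (not the authors' code): per-window Shannon entropy of the five alert attributes, fused by Renyi cross entropy. Assumptions, since the summary gives no formulas: the dict key names, scaling the entropy vector to sum to 1, order alpha = 0.5, comparison against a baseline window, the threshold value, and the constructed sample alerts.

```python
import math
from collections import Counter

# The five alert attributes named in the summary; the dict keys are assumed names.
FEATURES = ("src_ip", "dst_ip", "src_threat", "dst_threat", "length")

def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    counts = Counter(values)
    n = sum(counts.values())
    return sum(c / n * math.log2(n / c) for c in counts.values()) if n else 0.0

def entropy_vector(alerts):
    """Per-feature entropies scaled to sum to 1 (assumed normalisation)."""
    h = [shannon_entropy([a[f] for a in alerts]) for f in FEATURES]
    total = sum(h)
    # Edge case: every feature constant, so fall back to a uniform vector.
    return [x / total for x in h] if total else [1 / len(h)] * len(h)

def renyi_cross_entropy(p, q, alpha=0.5):
    """I_alpha(p, q) = log2(sum p_i^alpha * q_i^(1-alpha)) / (1 - alpha), 0 < alpha < 1."""
    s = sum(pi ** alpha * qi ** (1 - alpha) for pi, qi in zip(p, q))
    return math.log2(s) / (1 - alpha) if s > 0 else float("-inf")

def score_window(window, baseline, threshold=-0.1):
    """Return (score, flagged); score is 0 when the entropy vectors match."""
    score = renyi_cross_entropy(entropy_vector(window), entropy_vector(baseline))
    return score, score < threshold  # threshold is an assumed tuning value

def make_alerts(start, scan=False):
    """Constructed sample alerts: 64 per window, normal mix or a single-source sweep."""
    return [{
        "src_ip": "10.0.0.9" if scan else f"10.0.0.{i % 16}",
        "dst_ip": f"10.0.1.{i % 64}" if scan else f"10.0.1.{i % 16}",
        "src_threat": 3 if scan else i % 4,
        "dst_threat": i % 4,
        "length": 40 if scan else 40 + i % 8,
    } for i in range(start, start + 64)]

if __name__ == "__main__":
    baseline = make_alerts(0)
    for name, window in (("quiet", make_alerts(64)), ("sweep", make_alerts(128, scan=True))):
        score, flagged = score_window(window, baseline)
        print(f"{name}: score={score:.3f} flagged={flagged}")
```

A window whose alert mix matches the baseline scores near 0, while the single-source sweep collapses three of the five entropies and drives the fused score well below the threshold.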
