An Entropy-based Method for Attack Detection in Large Scale Network


An Intrusion Detection System (IDS) typically generates a huge number of alerts with a high false rate, especially in a large-scale network, which poses a major challenge to the efficiency and accuracy of network attack detection. In this paper, an entropy-based method is proposed to analyze the numerous IDS alerts and detect real network attacks. We use Shannon entropy to examine the distribution of the source IP address, destination IP address, source threat, destination threat and datagram length of IDS alerts, and employ Renyi cross entropy to fuse the Shannon entropy vector to detect network attacks. In the experiment, we deploy Snort to monitor part of the Xi’an Jiaotong University (XJTU) campus network, including 32 C-class networks (more than 4000 users), and gather more than 40,000 alerts per hour on average. The entropy-based method is employed to analyze those alerts and detect network attacks. The experimental results show that our method can detect 96% of attacks with a very low false alert rate.
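The two steps named in the abstract, as an added example that is not the paper's own code: a Shannon entropy is computed per alert feature for a window of alerts, and the resulting vector is fused into one score with a Renyi cross entropy. Assumptions not stated on this page: the field names, comparison against a baseline window, the order-0.5 form 2·log2 Σ sqrt(p_i·q_i) over sum-normalised vectors, and the threshold value.

```python
import math
from collections import Counter

# Field names are assumptions; the abstract only names the five features.
FEATURES = ("src_ip", "dst_ip", "src_threat", "dst_threat", "length")

def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def entropy_vector(alerts):
    """One Shannon entropy per feature for a window of alerts."""
    return [shannon_entropy([a[f] for a in alerts]) for f in FEATURES]

def renyi_cross_entropy(p, q, eps=1e-9):
    """Assumed order-0.5 form: 2*log2(sum(sqrt(p_i*q_i))) over the two
    vectors normalised to sum to 1. About 0 when the shapes match, negative
    otherwise. eps keeps an all-zero entropy vector normalisable."""
    p = [x + eps for x in p]
    q = [x + eps for x in q]
    sp, sq = sum(p), sum(q)
    return 2 * math.log2(sum(math.sqrt((a / sp) * (b / sq)) for a, b in zip(p, q)))

def score(window, baseline):
    """Fused score of a window of alerts against a baseline window."""
    return renyi_cross_entropy(entropy_vector(window), entropy_vector(baseline))

def is_attack(window, baseline, threshold=-0.1):  # threshold is an assumed value
    return score(window, baseline) < threshold

def make_window(kind, n=16):
    """Constructed sample alerts (not real Snort output)."""
    if kind == "scan":  # one noisy source sweeping many hosts, fixed datagram size
        return [{"src_ip": "10.0.0.9", "dst_ip": f"10.1.0.{i}", "src_threat": 3,
                 "dst_threat": i % 2, "length": 60} for i in range(n)]
    off = 100 if kind == "normal2" else 0  # same traffic shape, different hosts
    return [{"src_ip": f"10.0.{off}.{i % 8}", "dst_ip": f"10.1.{off}.{i % 4}",
             "src_threat": i % 2, "dst_threat": i % 2, "length": 60 + 20 * (i % 4)}
            for i in range(n)]

if __name__ == "__main__":
    base = make_window("normal")
    for kind in ("normal2", "scan"):
        w = make_window(kind)
        print(kind, entropy_vector(w), round(score(w, base), 3), is_attack(w, base))
```

The score depends only on the shape of the entropy vector, so a window with different hosts but the same spread scores near zero, while the constructed scan collapses the source, source-threat and length entropies and scores well below the threshold.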
