http://dx.doi.org/10.13089/JKIISC.2006.16.1.71

Network Attack Detection based on Multiple Entropies  

Kim Min-Taek (LG CNS Entrue Consulting)
Kwon Ki Hoon (KAIST)
Kim Sehun (KAIST)
Choi Young-Woo (KAIST)
Abstract
Several network attacks, such as the distributed denial of service (DDoS) attack, present a very serious threat to the stability of the internet. The threat posed by network attacks on large networks, such as the internet, demands an effective detection method. Therefore, a simple intrusion detection system on a large-scale backbone network is needed for the sake of real-time detection, preemption and detection efficiency. In this paper, in order to discriminate attack traffic from legitimate traffic on backbone links, we suggest a relatively simple statistical measure, entropy, which tracks the frequency distribution of values. There is a conspicuous distinction between the entropy values of attack traffic and those of legitimate traffic. Therefore, using entropy values we can not only detect attack traffic but also identify what kind of attack it is.
Keywords
DDoS; Entropy; Network attack detection;
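To make the abstract's idea concrete, the following is an added example (not code from the paper or its authors): it computes Shannon entropy over several packet-header fields of a window of flow records and compares the per-field entropies of an attack window against a legitimate baseline. The flow records, addresses, field names, the 0.5-bit threshold and the classification rule are all constructed assumptions for illustration; the paper's own data, thresholds and rules are not reproduced here.

```python
import math
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# A flow record is (src_ip, dst_ip, dst_port). Every record below is
# constructed for illustration; none is taken from the paper's dataset.
Flow = Tuple[str, str, int]
FIELDS = ("src_ip", "dst_ip", "dst_port")


def entropy(values: Iterable) -> float:
    """Shannon entropy in bits of the empirical value-frequency distribution."""
    counts = Counter(values)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def profile(window: List[Flow]) -> Dict[str, float]:
    """Per-field entropy of one observation window of flows ("multiple entropies")."""
    return {field: entropy(flow[i] for flow in window) for i, field in enumerate(FIELDS)}


def legit_window() -> List[Flow]:
    """Constructed baseline: four clients, two servers, HTTP and HTTPS evenly mixed."""
    clients = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]
    servers = ["192.0.2.10", "192.0.2.20"]
    return [(c, servers[i % 2], 80 if i % 2 == 0 else 443)
            for i, c in enumerate(clients * 2)]


def ddos_window() -> List[Flow]:
    """Constructed flood: eight distinct (spoofed-looking) sources converging on one server and port."""
    return [(f"203.0.113.{i}", "192.0.2.10", 80) for i in range(1, 9)]


def entropy_shift(baseline: Dict[str, float], window: Dict[str, float]) -> Dict[str, float]:
    """Signed change of each field's entropy relative to the baseline profile."""
    return {f: window[f] - baseline[f] for f in FIELDS}


def classify(shift: Dict[str, float], threshold: float = 0.5) -> str:
    """Simplified rule (an assumption, not the paper's criterion): a flood scatters
    source addresses while concentrating destination address and port, so source
    entropy rises and destination entropy falls in the same window."""
    if shift["src_ip"] > threshold and shift["dst_ip"] < -threshold:
        return "ddos_flood"
    if all(abs(v) <= threshold for v in shift.values()):
        return "normal"
    return "anomalous"


if __name__ == "__main__":
    baseline = profile(legit_window())
    for name, window in (("legit", legit_window()), ("ddos", ddos_window())):
        current = profile(window)
        shift = entropy_shift(baseline, current)
        print(name, {f: round(v, 2) for f, v in current.items()}, "->", classify(shift))
```

In a deployment the baseline would be learned from a sliding history of windows rather than a single hand-built one, and the direction of change per field (source entropy up, destination entropy down for a flood) is what lets a detector say which kind of anomaly it is seeing, rather than only that the traffic changed.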