
Anomaly Network Traffic Detection Using Entropy Calculation and Support Vector Machine


Affiliations
1 Department of Computer Science & Engineering, Central University of Rajasthan, Kishangarh, Ajmer, India
 

Abstract

Intrusion detection systems (IDS) have a vital role in protecting computer networks and information systems. In this paper we propose a method for identifying abnormal traffic behaviour based on entropy and a support vector machine. The main challenge is to distinguish attack traffic from normal traffic, since attack traffic often differs little from normal traffic when individual connections are examined in isolation. Our objective is to extract network features and build a model that identifies the attack traffic. We propose an anomaly network traffic detection method based on a Support Vector Machine (SVM) and the entropy of network parameters.

The entropies of network parameters are extracted from the traffic entering the network; a support vector machine model is then developed to identify the attack traffic. The entropy of each network parameter is calculated over a fixed time window, and the resulting entropy values are passed directly to the SVM model for analysis. We built two types of SVM model for separating attack traffic from normal traffic: a one-class SVM and a two-dimensional SVM.

Experiments are performed on the 1999 DARPA Intrusion Detection Evaluation data set from the MIT Lincoln Laboratory. The first week of the data is attack free, while the second week contains attacks. To evaluate the ability of the anomaly-based intrusion detection system we consider only attacks that leave an anomalous signature in the traffic: Portsweep, Ipsweep, Mailbomb and Neptune. The experimental results demonstrate that our method works well, with a high detection rate for attack traffic and a very low false alarm rate.
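The pipeline the abstract describes, as an added example that is not the paper's code: flow records are bucketed into fixed-duration windows, the normalised Shannon entropy of source IP, destination IP and destination port is computed per window, and a one-class detector fitted on attack-free windows labels the remaining windows. The flow records are constructed to mimic background traffic with a Portsweep and a Neptune (SYN flood) episode overlaid, not DARPA 1999 data; the detector is a standardised-distance (z-score) stand-in for the paper's one-class SVM so the block runs on the standard library alone (sklearn.svm.OneClassSVM can be fitted on the same feature vectors). All addresses, ports, rates, the threshold and the window length are assumptions.

```python
"""Added example (not from the paper): entropy-per-window features over flow
records, with a one-class detector fitted on attack-free windows.

The flow records are constructed, not DARPA 1999 data, and the detector is a
z-score stand-in for the paper's one-class SVM (sklearn.svm.OneClassSVM could
be fitted on the same feature vectors). Addresses, rates and thresholds are
assumptions chosen for illustration.
"""
import math
import random
from collections import Counter

FIELDS = ("src_ip", "dst_ip", "dst_port")   # one entropy value per field per window


def shannon_entropy(values):
    """Shannon entropy of the empirical distribution of `values`, normalised by
    log2(n) so a window of n flows scores 1.0 when every value is distinct and
    0.0 when all values are equal (windows of different volume stay comparable)."""
    n = len(values)
    if n <= 1:
        return 0.0
    counts = Counter(values)
    h = -sum((c / n) * math.log2(c / n) for c in counts.values())
    return h / math.log2(n)


def window_features(flows, window_seconds):
    """Bucket (timestamp, src_ip, dst_ip, dst_port) flows into fixed windows and
    return [(window_start, (H(src_ip), H(dst_ip), H(dst_port))), ...]."""
    buckets = {}
    for ts, src, dst, dport in flows:
        buckets.setdefault(int(ts // window_seconds), []).append((src, dst, dport))
    return [(k * window_seconds,
             tuple(shannon_entropy([r[i] for r in buckets[k]]) for i in range(3)))
            for k in sorted(buckets)]


class ZScoreOneClass:
    """One-class detector: learn mean/std of each entropy feature from attack-free
    windows; a window is anomalous when any feature lies more than `threshold`
    standard deviations from the learned mean. Stand-in for a one-class SVM."""

    def __init__(self, threshold=5.0):
        self.threshold = threshold
        self.mean = self.std = None

    def fit(self, vectors):
        n, d = len(vectors), len(vectors[0])
        self.mean = [sum(v[i] for v in vectors) / n for i in range(d)]
        # floor the std so a constant feature cannot cause division by ~0
        self.std = [max(math.sqrt(sum((v[i] - self.mean[i]) ** 2 for v in vectors) / n), 1e-4)
                    for i in range(d)]
        return self

    def score(self, v):
        return max(abs(v[i] - self.mean[i]) / self.std[i] for i in range(len(v)))

    def predict(self, v):
        return -1 if self.score(v) > self.threshold else 1   # -1 = anomaly, sklearn convention


# --- constructed traffic generators (stand-ins for the DARPA traces) ---------
def normal_flows(start, seconds, rng, rate=20):
    """Background: `rate` flows/s from 29 clients to four server:port pairs."""
    clients = [f"10.0.1.{i}" for i in range(1, 30)]
    servers = [("192.168.1.10", 80), ("192.168.1.10", 443), ("192.168.1.20", 25), ("192.168.1.30", 53)]
    return [(t + rng.random(), rng.choice(clients), *rng.choice(servers))
            for t in range(start, start + seconds) for _ in range(rate)]


def portsweep_flows(start, seconds, rng, rate=50):
    """Portsweep: one source probes many ports on one host."""
    return [(t + rng.random(), "172.16.5.5", "192.168.1.10", rng.randint(1, 1024))
            for t in range(start, start + seconds) for _ in range(rate)]


def neptune_flows(start, seconds, rng, rate=100):
    """Neptune (SYN flood): many spoofed sources hit one port on one host."""
    return [(t + rng.random(), ".".join(str(rng.randint(1, 254)) for _ in range(4)), "192.168.1.10", 80)
            for t in range(start, start + seconds) for _ in range(rate)]


def run_demo(window=10, seed=7):
    """Fit on an attack-free period ("week one"), then classify a period with a
    Portsweep (t=1100..1120) and a Neptune flood (t=1170..1190) overlaid on
    background traffic. Returns [(window_start, label, features), ...]."""
    rng = random.Random(seed)
    model = ZScoreOneClass().fit([v for _, v in window_features(normal_flows(0, 600, rng), window)])
    test = normal_flows(1000, 200, rng) + portsweep_flows(1100, 20, rng) + neptune_flows(1170, 20, rng)
    return [(start, model.predict(v), v) for start, v in window_features(test, window)]


if __name__ == "__main__":
    for start, label, v in run_demo():
        print(f"t={start:5d} {'ATTACK' if label == -1 else 'normal'} "
              + " ".join(f"{f}={h:.3f}" for f, h in zip(FIELDS, v)))
```

The direction of each entropy shift is what makes the features discriminative: a Portsweep lowers source-IP entropy (one prober dominates the window) while raising destination-port entropy, whereas a Neptune flood raises source-IP entropy (spoofed sources) while collapsing destination-port entropy onto the flooded port. A model fitted only on attack-free windows therefore separates both without any attack examples, which is the appeal of the one-class formulation; a production detector would additionally feed flow rate as a feature, since flooding changes volume as well as distribution.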


Keywords

Intrusion Detection, Denial of Service Attacks, Support Vector Machines, Entropy, Anomaly Traffic Detection.

Authors

Basant Agarwal
Department of Computer Science & Engineering, Central University of Rajasthan, Kishangarh, Ajmer, India
