Machine Learning Enhanced Entropy-Based Network Anomaly Detection
| Field | Value |
|---|---|
| Main authors: | |
| Format: | article |
| Language: | EN |
| Published: | Stefan cel Mare University of Suceava, 2021 |
| Subjects: | |
| Online access: | https://doaj.org/article/910e09f6d8304ef697572373f46f0447 |

Summary: The advanced development of new technologies and heterogeneous environments relies on the proper processing of large data volumes, and on the accurate and fast response of real-time applications. Such circumstances provide fertile ground for the appearance of diverse security concerns, thus challenging the scientific community to build more reliable and efficient Network Anomaly Detection Systems. This research proposes a comprehensive flow-based anomaly detection architecture, which encompasses techniques for entropy-based data processing and machine learning-based attack detection. It covers several attack categories and relies on the use of modelled and synthetically generated traffic patterns for Port Scan, Network Scan, DDoS amplification, flood, and dictionary attacks. The entropy-based analysis is used for easier detection of hidden traffic patterns, as it can capture the behaviour of the biggest contributors, and of a large number of minor appearances, in the feature distribution. The unusual traffic is then processed by unsupervised machine learning algorithms. The approach is verified with datasets based on real network traffic, synthetically generated attack traffic instances, and botnet traffic. The architecture is an original solution, planned for further real-network application, targeting possible support for a range of different use cases.