Machine Learning Enhanced Entropy-Based Network Anomaly Detection

The advanced development of new technologies and heterogeneous environments relies on the proper processing of large data volumes, and on the accurate and fast response of real-time applications. Such circumstances provide fertile ground for diverse security concerns, challenging the scientific community to build more reliable and efficient Network Anomaly Detection Systems. This research proposes a comprehensive flow-based anomaly detection architecture that combines entropy-based data processing with machine learning-based attack detection. It covers several attack categories and relies on modelled and synthetically generated traffic patterns for port scan, network scan, DDoS amplification, flood, and dictionary attacks. The entropy-based analysis is used to expose hidden traffic patterns, as it captures both the behaviour of the biggest contributors and that of a large number of minor appearances in the feature distribution. The unusual traffic is then processed by unsupervised machine learning algorithms. The approach is verified with datasets based on real network traffic, synthetically generated attack traffic instances, and botnet traffic. The architecture is an original solution, planned for further real-network application and targeting support for a range of different use cases.
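The entropy stage the abstract describes, reduced to runnable Python as an added example (this is not code from the paper or its authors). It computes per-window normalised Shannon entropy of three flow features (source IP, destination IP, destination port; that feature set is an assumption), learns a baseline from clean windows, and raises an alarm on a z-score above 3 (the threshold and the z-score test are constructed choices standing in for whatever statistical test the paper applies). The flow records and the three traffic windows are constructed, not captured traffic, and the unsupervised clustering stage that follows in the paper's architecture is not shown.

```python
"""Entropy-based screening of flow windows (added illustration, not the paper's code)."""
from collections import Counter
from dataclasses import dataclass
import math
import statistics


@dataclass(frozen=True)
class Flow:
    """Minimal flow record; field set is an assumption for this example."""
    src_ip: str
    dst_ip: str
    dst_port: int


FEATURES = ("src_ip", "dst_ip", "dst_port")  # assumed feature set


def normalized_entropy(values) -> float:
    """Shannon entropy of the value distribution, scaled to [0, 1].

    Dividing by log2(n) (n = number of flows) makes 1.0 mean "every flow had a
    distinct value" and 0.0 mean "one value dominated", so windows of different
    sizes are comparable.
    """
    n = len(values)
    if n < 2:
        return 0.0
    h = -sum(c / n * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)


def window_features(flows) -> dict:
    """Entropy of each feature's distribution within one window of flows."""
    return {f: normalized_entropy([getattr(fl, f) for fl in flows]) for f in FEATURES}


class EntropyDetector:
    """Learn per-feature mean/sd on clean windows, then flag large deviations."""

    def __init__(self, threshold=3.0, sd_floor=0.02):
        self.threshold = threshold   # assumed z-score cut-off
        self.sd_floor = sd_floor     # keeps z finite when baselines nearly agree
        self.stats = {}

    def fit(self, windows):
        vectors = [window_features(w) for w in windows]
        for f in FEATURES:
            col = [v[f] for v in vectors]
            self.stats[f] = (statistics.mean(col), max(statistics.pstdev(col), self.sd_floor))
        return self

    def score(self, flows) -> dict:
        """z-score of each feature entropy against the learned baseline."""
        feats = window_features(flows)
        return {f: (feats[f] - self.stats[f][0]) / self.stats[f][1] for f in FEATURES}

    def is_anomalous(self, flows) -> bool:
        return max(abs(z) for z in self.score(flows).values()) > self.threshold


def top_contributors(flows) -> dict:
    """Most frequent value per feature: the 'biggest contributor' an entropy
    collapse points at (the scanner's source, the flood's victim port)."""
    return {f: Counter(getattr(fl, f) for fl in flows).most_common(1)[0][0] for f in FEATURES}


# --- constructed sample traffic (not a real capture) ---
SERVERS = ("192.0.2.10", "192.0.2.11", "192.0.2.12")
SERVICE_PORTS = (443, 80, 53, 22)


def baseline_window(seed: int):
    """36-46 flows from 20 clients to 3 servers on 4 services; seed perturbs the mix."""
    n = 36 + 2 * (seed % 6)
    return [Flow(f"10.0.0.{(k * 7 + seed) % 20 + 1}",
                 SERVERS[(k + seed) % 3],
                 SERVICE_PORTS[(k * 3 + seed) % 4]) for k in range(n)]


def port_scan_window():
    """One source sweeping 200 ports on one host: dst_port entropy -> 1, src_ip -> 0."""
    return [Flow("10.0.0.99", SERVERS[0], p) for p in range(1, 201)]


def flood_window():
    """254 distinct (spoofed) sources hitting one DNS port: src_ip entropy -> 1, dst_* -> 0."""
    return [Flow(f"198.51.100.{k}", SERVERS[1], 53) for k in range(1, 255)]


def run_demo() -> dict:
    """Train on six clean windows, then score a held-out clean window and two attacks."""
    det = EntropyDetector().fit([baseline_window(s) for s in range(6)])
    windows = {"baseline": baseline_window(9),
               "port_scan": port_scan_window(),
               "flood": flood_window()}
    return {name: (det.is_anomalous(w), top_contributors(w)) for name, w in windows.items()}


if __name__ == "__main__":
    for name, (flag, who) in run_demo().items():
        print(f"{name:10s} anomalous={flag} top={who}")
```

Run as a script, the held-out clean window passes, while the port scan (destination-port entropy jumps to 1.0 and source-IP entropy drops to 0) and the flood (source-IP entropy at 1.0, destination features at 0) are flagged; `top_contributors` then names the scanner's address and the flood's victim port, which is the kind of summary a clustering stage would consume.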

Bibliographic Details
Main Authors: TIMCENKO, V., GAJIN, S.
Format: article
Language: EN
Published: Stefan cel Mare University of Suceava, 2021
Online Access: https://doaj.org/article/910e09f6d8304ef697572373f46f0447
Record Details
Record ID: oai:doaj.org-article:910e09f6d8304ef697572373f46f0447
Record format: dspace
Record timestamp: 2021-12-05T17:03:49Z
Journal: Advances in Electrical and Computer Engineering, Vol 21, Iss 4, Pp 51-60 (2021)
ISSN: 1582-7445, 1844-7600
DOI: 10.4316/AECE.2021.04006 (http://dx.doi.org/10.4316/AECE.2021.04006)
Publication date: 2021-11-01
Journal tables of contents: https://doaj.org/toc/1582-7445, https://doaj.org/toc/1844-7600
Source: DOAJ
Language: EN
Keywords: clustering algorithms; data flow computing; entropy; intrusion detection; machine learning
LCC subjects: Electrical engineering. Electronics. Nuclear engineering (TK1-9971); Computer engineering. Computer hardware (TK7885-7895)