Basic Article Information

  • Title: A New Attack Detection in Large Scale Network based on Entropy
  • Authors: Qia, Qin ; Wang, Zhiwen
  • Journal: Journal of Networks
  • Print ISSN: 1796-2056
  • Publication year: 2012
  • Volume: 7
  • Issue: 5
  • Pages: 863-868
  • DOI: 10.4304/jnw.7.5.863-868
  • Language: English
  • Publisher: Academy Publisher
  • Abstract: An Intrusion Detection System (IDS) typically generates a huge number of alerts with a high false rate, especially in a large scale network, which poses a huge challenge to the efficiency and accuracy of network attack detection. In this paper, an entropy-based method is proposed to analyze the numerous IDS alerts and detect real network attacks. We use Shannon entropy to examine the distribution of the source IP address, destination IP address, source threat, destination threat and datagram length of IDS alerts, and employ Renyi cross entropy to fuse the Shannon entropy vector to detect network attacks. In the experiment, we deploy Snort to monitor part of the Xi’an Jiaotong University (XJTU) campus network, including 32 C-class networks (more than 4000 users), and gather more than 40,000 alerts per hour on average. The entropy-based method is employed to analyze those alerts and detect network attacks. The experimental results show that our method can detect 96% of attacks with a very low false alert rate.
  • Keywords: Network Security; IDS; Shannon Entropy; Renyi Cross Entropy