Information Theory and Data-Mining Techniques for Network Traffic Profiling for Intrusion Detection

Abstract

This paper proposes information theory and data mining techniques that extract knowledge of network traffic behavior at the packet level and the flow level, which can be applied to traffic profiling in intrusion detection systems. Empirical analysis of our profiles, through the rate of remaining features at the packet level and the three-dimensional entropy spaces at the flow level, provides fast detection of intrusions caused by port scanning and worm attacks.
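The flow-level entropy-space profiling the abstract describes, as an added example that is not the paper's code: each time window of flows maps to a point whose coordinates are the normalized entropies of source IP, destination IP and destination port, and a window far from the centroid of normal-traffic windows raises an alarm. The feature set, the normalization and the threshold are assumptions, since the page does not give them; the windows are constructed, not captured traffic.

```python
# Added example (not the paper's code). Assumed: a flow is
# (src_ip, dst_ip, dst_port); the three axes are the normalized Shannon
# entropies of those fields per window; alarm = distance from baseline centroid.
import math
from collections import Counter

def normalized_entropy(values):
    """Shannon entropy of the empirical distribution of values, divided by
    log2(n): 0 means a single dominant value, 1 means all values distinct."""
    n = len(values)
    if n <= 1:
        return 0.0
    h = -sum((c / n) * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)

def entropy_point(flows):
    """Map one window of flows to (H(src_ip), H(dst_ip), H(dst_port))."""
    return tuple(normalized_entropy([f[i] for f in flows]) for i in range(3))

def centroid(points):
    return tuple(sum(p[i] for p in points) / len(points) for i in range(3))

def detect(window, baseline_windows, threshold):
    """Return (alarm, score): score is the Euclidean distance between the
    window's entropy point and the centroid of the baseline windows."""
    base = centroid([entropy_point(w) for w in baseline_windows])
    score = math.dist(entropy_point(window), base)
    return score > threshold, score

# Constructed sample windows (synthetic). Normal: many clients reaching a few
# servers on a few service ports, so src entropy is high, dst/port entropy low.
NORMAL_A = ([(f"10.0.0.{i}", "192.0.2.10", 80) for i in range(1, 9)]
            + [(f"10.0.0.{i}", "192.0.2.20", 443) for i in range(9, 15)]
            + [(f"10.0.0.{i}", "192.0.2.53", 53) for i in range(1, 7)])
NORMAL_B = ([(f"10.0.0.{i}", "192.0.2.10", 80) for i in range(3, 13)]
            + [(f"10.0.0.{i}", "192.0.2.20", 443) for i in range(1, 7)]
            + [(f"10.0.0.{i}", "192.0.2.53", 53) for i in range(10, 16)])
# Port scan: one source, one target, many ports -> point near (0, 0, 1).
PORT_SCAN = [("203.0.113.5", "192.0.2.10", p) for p in range(1, 21)]
# Worm-style propagation: one source, many targets, one port -> near (0, 1, 0).
WORM_LIKE = [("10.0.0.7", f"10.0.1.{i}", 445) for i in range(1, 21)]

if __name__ == "__main__":
    for name, w in [("normal", NORMAL_A), ("scan", PORT_SCAN), ("worm", WORM_LIKE)]:
        print(name, entropy_point(w), detect(w, [NORMAL_A, NORMAL_B], 0.3))
```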

Share and Cite:

Velarde-Alvarado, P., Martinez-Pelaez, R., Ruiz-Ibarra, J. and Morales-Rocha, V. (2014) Information Theory and Data-Mining Techniques for Network Traffic Profiling for Intrusion Detection. Journal of Computer and Communications, 2, 24-30. doi: 10.4236/jcc.2014.211003.

Conflicts of Interest

The authors declare no conflicts of interest.


Copyright © 2024 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.