Research Article
A New Anomaly Detection Method Based on IGTE and IGFE
@INPROCEEDINGS{10.1007/978-3-319-23802-9_10,
  author={Ziyu Wang and Jiahai Yang and Fuliang Li},
  title={A New Anomaly Detection Method Based on IGTE and IGFE},
  proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part II},
  proceedings_a={SECURECOMM},
  year={2015},
  month={12},
  keywords={Anomaly detection Regression IGTE IGFE},
  doi={10.1007/978-3-319-23802-9_10}
}
- Ziyu Wang
- Jiahai Yang
- Fuliang Li
Year: 2015
SECURECOMM
Springer
DOI: 10.1007/978-3-319-23802-9_10
Abstract
Network anomalies are a serious challenge for the Internet today. In this paper, two new metrics, IGTE (Inter-group Traffic Entropy) and IGFE (Inter-group Flow Entropy), are proposed for network anomaly detection. It is observed that IGTE and IGFE are highly correlated and usually change synchronously when no anomaly occurs. However, once anomalies occur, this highly linear correlation is destroyed. Based on this observation, we propose a linear regression model built upon IGTE and IGFE to detect network anomalies. We use both CERNET2 NetFlow data and synthetic data to validate the regression model and its corresponding detection method. The results show that the regression-based method works well and outperforms the well-known wavelet-based detection method.