Entropy Based Worm and Anomaly Detection in Fast IP Networks

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Arno Wagner Articles by Bernhard Plattner

14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05)

Linkoping, Sweden

June 13-June 15

ISBN: 0-7695-2362-5

	ASCII Text	x
	Arno Wagner, Bernhard Plattner, "Entropy Based Worm and Anomaly Detection in Fast IP Networks," Enabling Technologies, IEEE International Workshops on, pp. 172-177, 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05), 2005.

	BibTex	x
	@article{ 10.1109/WETICE.2005.35, author = {Arno Wagner and Bernhard Plattner}, title = {Entropy Based Worm and Anomaly Detection in Fast IP Networks}, journal ={Enabling Technologies, IEEE International Workshops on}, volume = {0}, year = {2005}, issn = {1524-4547}, pages = {172-177}, doi = {http://doi.ieeecomputersociety.org/10.1109/WETICE.2005.35}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Enabling Technologies, IEEE International Workshops on TI - Entropy Based Worm and Anomaly Detection in Fast IP Networks SN - 1524-4547 SP172 EP177 A1 - Arno Wagner, A1 - Bernhard Plattner, PY - 2005 KW - null VL - 0 JA - Enabling Technologies, IEEE International Workshops on ER -

Arno Wagner, Swiss Federal Institute of Technology Zurich

Bernhard Plattner, Swiss Federal Institute of Technology Zurich

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/WETICE.2005.35

Detecting massive network events like worm outbreaks in fast IP networks, such as Internet backbones, is hard. One problem is that the amount of traffic data does not allow real-time analysis of details. Another problem is that the specific characteristics of these events are not known in advance. There is a need for analysis methods that are real-time capable and can handle large amounts of traffic data. We have developed an entropy-based approach, that determines and reports entropy contents of traffic parameters such as IP addresses. Changes in the entropy content indicate a massive network event. We give analyses on two Internet worms as proof-of-concept. While our primary focus is detection of fast worms, our approach should also be able to detect other network events. We discuss implementation alternatives and give benchmark results. We also show that our approach scales very well.

Citation:

Arno Wagner, Bernhard Plattner, "Entropy Based Worm and Anomaly Detection in Fast IP Networks," wetice, pp.172-177, 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.