Authors: A. Ukil
Venue: 2010 16th Asia-Pacific Conference on Communications (APCC)
Publication date: 2010-10-01
DOI: https://doi.org/10.1109/APCC.2010.5679753
Application of Kolmogorov complexity in anomaly detection
Kolmogorov complexity is the basis of algorithmic randomness theory. It quantifies the amount of information in an individual object, measured by the size of its smallest algorithmic description. The concept of Kolmogorov complexity is used in many applications, such as spam filtering, data compression, and information assurance. In this paper, we present the application of Kolmogorov complexity in the network security field, particularly for anomaly detection. To accomplish that, it is assumed that most network attacks change the structure of the traffic. This introduces an anomaly, and hence a subsequent intrusion can be detected if the structure or signature of the traffic flow is investigated. From this notion, we propose a signature-based anomaly detection scheme. We show through simulation results that, with the help of Kolmogorov complexity, we can detect traffic pattern abnormality in a simplistic way. This detection and quantification of traffic patterns eventually leads to anomaly detection.