T. Radivilova, Lyudmyla Kirichenko, A. S. Alghawli
{"title":"攻击检测的熵分析方法","authors":"T. Radivilova, Lyudmyla Kirichenko, A. S. Alghawli","doi":"10.1109/PICST47496.2019.9061451","DOIUrl":null,"url":null,"abstract":"The paper proposes and implements a network traffic analysis method for detecting attacks, which is based on protocol analysis and the maximum entropy method. To analyze the quality of functioning of the proposed method, we used data from a data set that contains traffic of various protocols and DDoS attacks, UDP floods, TCP SYN streams, Ping of Death attacks, and HTTP flood attacks. The proposed method for analyzing the maximum entropy was software implemented and the results of its work showed high-quality attack detection. The method can detect various attacks with a probability of about 94%, while false-positive values did not exceed 10%. The advantage of the method is the early detection of intrusions, due to the rapid calculation of the maximum entropy using the sliding window method.","PeriodicalId":6764,"journal":{"name":"2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T)","volume":"1 1","pages":"443-446"},"PeriodicalIF":0.0000,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Entropy Analysis Method for Attacks Detection\",\"authors\":\"T. Radivilova, Lyudmyla Kirichenko, A. S. Alghawli\",\"doi\":\"10.1109/PICST47496.2019.9061451\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The paper proposes and implements a network traffic analysis method for detecting attacks, which is based on protocol analysis and the maximum entropy method. To analyze the quality of functioning of the proposed method, we used data from a data set that contains traffic of various protocols and DDoS attacks, UDP floods, TCP SYN streams, Ping of Death attacks, and HTTP flood attacks. The proposed method for analyzing the maximum entropy was software implemented and the results of its work showed high-quality attack detection. The method can detect various attacks with a probability of about 94%, while false-positive values did not exceed 10%. The advantage of the method is the early detection of intrusions, due to the rapid calculation of the maximum entropy using the sliding window method.\",\"PeriodicalId\":6764,\"journal\":{\"name\":\"2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T)\",\"volume\":\"1 1\",\"pages\":\"443-446\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PICST47496.2019.9061451\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PICST47496.2019.9061451","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5
摘要
提出并实现了一种基于协议分析和最大熵法的网络流量检测方法。为了分析所提出方法的功能质量,我们使用了来自一个数据集的数据,该数据集包含各种协议和DDoS攻击、UDP洪水、TCP SYN流、Ping of Death攻击和HTTP洪水攻击的流量。所提出的最大熵分析方法已在软件上实现,其工作结果显示出高质量的攻击检测。该方法检测各种攻击的概率约为94%,而假阳性率不超过10%。该方法利用滑动窗口法快速地计算出最大熵,其优点是可以较早地检测到入侵。
The paper proposes and implements a network traffic analysis method for detecting attacks, which is based on protocol analysis and the maximum entropy method. To analyze the quality of functioning of the proposed method, we used data from a data set that contains traffic of various protocols and DDoS attacks, UDP floods, TCP SYN streams, Ping of Death attacks, and HTTP flood attacks. The proposed method for analyzing the maximum entropy was software implemented and the results of its work showed high-quality attack detection. The method can detect various attacks with a probability of about 94%, while false-positive values did not exceed 10%. The advantage of the method is the early detection of intrusions, due to the rapid calculation of the maximum entropy using the sliding window method.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
