An application of information theory to intrusion detection

Cited by: 12
Authors
Eiland, E. Earl [1]
Liebrock, Lorie M. [1]
Affiliations
[1] New Mexico Inst Min & Technol, Dept Comp Sci, Socorro, NM 87801 USA
Keywords
DOI
10.1109/IWIA.2006.3
CLC classification
TP [Automation technology; computer technology];
Discipline code
0812 ;
Abstract
Zero-day attacks, new (anomalous) attacks exploiting previously unknown system vulnerabilities, are a serious threat. Defending against them is no easy task, however. Having identified "degree of system knowledge" as one difference between legitimate and illegitimate users, theorists have drawn on information theory as a basis for intrusion detection. In particular, Kolmogorov complexity (K) has been used successfully. In this work, we consider information distance (Observed-K - Expected-K) as a method of detecting system scans. Observed-K is computed directly; Expected-K is taken from compression tests shared herein. Results are encouraging. Observed scan traffic has an information distance at least an order of magnitude greater than the threshold value we determined for normal Internet traffic. With 320 KB packet blocks, separation between distributions appears to exceed 4 sigma.
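The abstract's detector rests on one idea: Kolmogorov complexity is uncomputable, so it is estimated with a real compressor, and a block of traffic whose compressed size sits far from the baseline learned on normal traffic is flagged. The example below is added here to make that concrete; it is not the paper's code or data. It estimates Observed-K as zlib output in bits per input byte, takes Expected-K as the mean over constructed "normal" blocks, uses a 3-sigma rule as the alerting threshold (a constructed choice, not the threshold the paper determined), and scores a synthetic scan block whose probe headers differ only in destination port. Block size, header layout and the text-like payload alphabet are all assumptions made for illustration; the paper worked with 320 KB blocks of captured traffic.

```python
"""Compression-based information distance for scan detection (added example).

Everything here, including the synthetic "traffic", is constructed for
illustration; none of it is the paper's code, data or threshold.
"""
import random
import statistics
import zlib

BLOCK_SIZE = 4096                    # constructed: small blocks keep the demo fast (paper: 320 KB)
HEADER_TEMPLATE = bytes(range(32))   # constructed: 32 header bytes that do not vary (addresses, flags, ...)
TEXT_ALPHABET = (b"abcdefghijklmnopqrstuvwxyz"
                 b"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 .")  # 64 symbols, so roughly 6 bits/byte


def observed_k(block: bytes) -> float:
    """Estimate K(block) as its zlib-compressed size, normalised to bits per input byte."""
    return 8.0 * len(zlib.compress(block, 9)) / len(block)


def expected_k(baseline_blocks) -> tuple[float, float]:
    """Mean and population std dev of observed_k over blocks of known-normal traffic."""
    ks = [observed_k(b) for b in baseline_blocks]
    return statistics.mean(ks), statistics.pstdev(ks)


def information_distance(block: bytes, expected: float) -> float:
    """Observed-K minus Expected-K in bits/byte; negative means more regular than normal."""
    return observed_k(block) - expected


def make_normal_block(rng: random.Random) -> bytes:
    """Constructed 'normal' traffic: per-packet varying header fields plus text-like payload."""
    out = bytearray()
    while len(out) < BLOCK_SIZE:
        header = HEADER_TEMPLATE + rng.randbytes(8)                  # ports, seq/ack vary per packet
        payload = bytes(rng.choice(TEXT_ALPHABET) for _ in range(200))
        out += header + payload
    return bytes(out[:BLOCK_SIZE])


def make_scan_block(rng: random.Random) -> bytes:
    """Constructed port-scan traffic: identical probe headers, only the destination port changes."""
    out = bytearray()
    port = rng.randrange(1, 1024)
    while len(out) < BLOCK_SIZE:
        out += HEADER_TEMPLATE + b"\x00" * 6 + port.to_bytes(2, "big")  # 40-byte header, no payload
        port = (port + 1) % 65536
    return bytes(out[:BLOCK_SIZE])


def run_demo(seed: int = 7, baseline_blocks: int = 32, sigmas: float = 3.0) -> dict:
    """Calibrate Expected-K on normal blocks, then score one held-out normal block and one scan block."""
    rng = random.Random(seed)
    mu, sigma = expected_k([make_normal_block(rng) for _ in range(baseline_blocks)])
    threshold = sigmas * sigma                       # constructed alerting rule: |distance| > 3 sigma
    d_normal = information_distance(make_normal_block(rng), mu)
    d_scan = information_distance(make_scan_block(rng), mu)
    return {
        "expected_k": mu,
        "threshold": threshold,
        "distance_normal": d_normal,
        "distance_scan": d_scan,
        "normal_alert": abs(d_normal) > threshold,
        "scan_alert": abs(d_scan) > threshold,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key:16s} {value}")
```

The scan block compresses to a small fraction of its size because each 40-byte probe header repeats the previous one except for the port bytes, so its distance is several bits per byte below Expected-K, while a held-out normal block lands within a small fraction of a bit of the baseline. The sign convention matters for a real deployment: regular traffic such as scans pulls Observed-K down, whereas encrypted or compressed payloads push it up, so alerting on the absolute distance (as here) catches both directions but also means the baseline must be calibrated on traffic representative of the monitored link.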
Pages: 119 / +
Page count: 4
Related papers
50 records in total
  • [1] Application of Negative Selection Theory in Intrusion Detection
    Xing, Yunhui
    Lin, Zhaowen
    Ma, Yan
    [J]. PROCEEDINGS OF THE 4TH INTERNATIONAL CONFERENCE ON MECHATRONICS, MATERIALS, CHEMISTRY AND COMPUTER ENGINEERING 2015 (ICMMCCE 2015), 2015, 39 : 2763 - 2770
  • [2] Using information theory in pattern recognition for intrusion detection
    Madani, Meysam.
    Nowroozi, Alireza.
    [J]. Journal of Theoretical and Applied Information Technology, 2011, 34 (02): : 138 - 142
  • [3] Application of rough set theory to intrusion detection system
    Wang, Xuren
    He, Famei
    Liu, Lizhen
    [J]. GRC: 2007 IEEE INTERNATIONAL CONFERENCE ON GRANULAR COMPUTING, PROCEEDINGS, 2007, : 562 - +
  • [4] Rate distortion theory and its application in intrusion detection
    Zhao, JZ
    You, L
    Sun, SL
    Xu, MZ
    [J]. PROCEEDINGS OF THE 2005 INTERNATIONAL CONFERENCE ON NEURAL NETWORKS AND BRAIN, VOLS 1-3, 2005, : 759 - 762
  • [5] Application of Gray Theory and Data Fusion in Intrusion Detection
    Xu Da-wei
    Liu Yi-an
    Wei Min
    [J]. 2010 INTERNATIONAL CONFERENCE ON MANAGEMENT SCIENCE AND ENGINEERING (MSE 2010), VOL 4, 2010, : 131 - 135
  • [6] Optimum response scheme of intrusion detection based on information theory
    [J]. 1600, Editorial Board of Journal on Communications (41): : 121 - 130
  • [7] CluSID: a clustering scheme for intrusion detection, improved by information theory
    Shokri, R
    Oroumchian, F
    Yazdani, N
    [J]. 2005 13th IEEE International Conference on Networks Jointly held with the 2005 7th IEEE Malaysia International Conference on Communications, Proceedings 1 and 2, 2005, : 553 - 558
  • [8] Application of intelligent information processing technologies to intrusion detection system
    Wang, Xuren
    He, Famei
    Peng, Yan
    [J]. General System and Control System, Vol I, 2007, : 274 - 277
  • [9] Intrusion detection: Introduction to intrusion detection and security information management
    Debar, H
    Viinikka, J
    [J]. FOUNDATIONS OF SECURITY ANALYSIS AND DESIGN III, 2005, 3655 : 207 - 236
  • [10] An Intrusion Detection Feature Extraction Method Based on Information Theory Model
    Song, Yong
    Cai, Zhi-Ping
    [J]. Dianzi Keji Daxue Xuebao/Journal of the University of Electronic Science and Technology of China, 2018, 47 (02): : 267 - 271