Entropy-based analyzing anomaly WEB traffic

Cited by: 2
Authors
Nasseralfoghara, Mehrdad [1]
Hamidi, HamidReza [1]
Affiliations
[1] Imam Khomeini Int Univ, Fac Engn, Qazvin, Iran
Keywords
Information security; covert channel; timing channel; WEB; entropy; TIMING CHANNELS; COVERT CHANNEL; ROBUST
DOI
10.3233/JHS-200642
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
The application nature of HTTP protocol allows the creation of a covert timing channel based on different features of this protocol (or different levels) that has not been addressed in previous research. In this article, the entropy-based detection method was designed and implemented. The attacker can adjust the amount of channel entropy by controlling measures such as changing the channel's level or creating noise on the channel to protect from the analyzer's detection. As a result, the entropy threshold is not always constant for detection. By comparing the entropy from different levels of the channel and the analyzer, we concluded that the analyzer must investigate traffic at all possible levels. We also illustrated that by making noise on a covert channel, its capacity would decrease, but as entropy increases, it would be harder to detect it.
Pages: 255-266
Page count: 12