Open Access Article
Entropy 2015, 17(1), 74-101; doi:10.3390/e17010074

Entropy-Based Characterization of Internet Background Radiation

Institute of Telecommunications, Vienna University of Technology, Gußhausstraße 25 / E389, 1040 Vienna, Austria
*
Author to whom correspondence should be addressed.
Received: 27 October 2014 / Accepted: 22 December 2014 / Published: 31 December 2014

Abstract

Network security requires real-time monitoring of network traffic in order to detect new and unexpected attacks. Attack detection methods based on deep packet inspection are time consuming and costly, due to their high computational demands. This paper proposes a fast, lightweight method to distinguish different attack types observed in an IP darkspace monitor. The method is based on entropy measures of traffic-flow features and machine learning techniques. The explored data belongs to a portion of the Internet background radiation from a large IP darkspace, i.e., real traffic captures that exclusively contain unsolicited traffic, ongoing attacks, attack preparation activities and attack aftermaths. Results from an in-depth traffic analysis based on packet headers and content are used as a reference to label data and to evaluate the quality of the entropy-based classification. Full IP darkspace traffic captures from a three-week observation period in April, 2012, are used to compare the entropy-based classification with the in-depth traffic analysis. Results show that several traffic types present a high correlation to the respective traffic-flow entropy signals and can even fit polynomial regression models. Therefore, sudden changes in traffic types caused by new attacks or attack preparation activities can be identified based on entropy variations.
Keywords: network security; information entropy; time series analysis; supervised classification; signal modeling
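
The idea summarized in the abstract, tracking the entropy of traffic-flow features per time window and watching for sudden variations, can be sketched as follows. This is an added example, not the authors' code: the chosen features (source IP, destination port), the 60-second window, the normalization by log2 of the packet count, the 0.3 change threshold and the packet records are all assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

def normalized_entropy(values):
    """Shannon entropy of the empirical distribution, divided by log2(n)
    (n = number of observations) so results lie in [0, 1]."""
    counts = Counter(values)
    total = sum(counts.values())
    if len(counts) < 2:          # empty or fully concentrated window
        return 0.0
    h = -sum((c / total) * math.log2(c / total) for c in counts.values())
    return h / math.log2(total)

def entropy_series(packets, window=60):
    """Per-window entropy of each header feature; packets are
    (timestamp_s, src_ip, dst_port) tuples."""
    bins = defaultdict(lambda: {"src_ip": [], "dst_port": []})
    for ts, src, dport in packets:
        b = bins[int(ts // window)]
        b["src_ip"].append(src)
        b["dst_port"].append(dport)
    return {w: {f: normalized_entropy(v) for f, v in feats.items()}
            for w, feats in sorted(bins.items())}

def flag_changes(series, threshold=0.3):
    """Report (window, feature, delta) where entropy jumps between windows."""
    alerts, windows = [], sorted(series)
    for prev, cur in zip(windows, windows[1:]):
        for feat, value in series[cur].items():
            delta = value - series[prev][feat]
            if abs(delta) >= threshold:
                alerts.append((cur, feat, round(delta, 3)))
    return alerts

def build_sample():
    """Constructed data: two windows of mixed background traffic, then one
    window in which a single source sweeps eight distinct ports."""
    pkts = [(w * 60 + i, f"198.51.100.{i % 4 + 1}", (445, 23)[i % 2])
            for w in (0, 1) for i in range(8)]
    pkts += [(120 + i, "203.0.113.9", 1000 + i) for i in range(8)]
    return pkts

if __name__ == "__main__":
    series = entropy_series(build_sample())
    for w, feats in series.items():
        print(w, {f: round(v, 3) for f, v in feats.items()})
    print(flag_changes(series))
```

In the constructed third window the source-IP entropy collapses while the destination-port entropy rises, the opposite-direction signature a single-source port sweep leaves in header features alone, without any payload inspection.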

This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).

MDPI and ACS Style

Iglesias, F.; Zseby, T. Entropy-Based Characterization of Internet Background Radiation. Entropy 2015, 17, 74-101.

Entropy, EISSN 1099-4300, published by MDPI AG, Basel, Switzerland