Open Access Article

Anomalies Detection and Proactive Defence of Routers Based on Multiple Information Learning

1 School of Cyber Engineering, Xidian University, Xi’an 710071, China
2 School of Computer Science, Xidian University, Xi’an 710071, China
3 Shaanxi Key Laboratory of BlockChain and Security Computing, Xidian University, Xi’an 710071, China
* Author to whom correspondence should be addressed.
This paper is an extended version of our paper published in 2018 International Conference on Networking and Network Applications (NaNA), Xi’an, China, 12–15 October 2018.
Entropy 2019, 21(8), 734; https://doi.org/10.3390/e21080734
Received: 31 May 2019 / Revised: 29 June 2019 / Accepted: 22 July 2019 / Published: 26 July 2019
(This article belongs to the Special Issue Information-Theoretic Security II)
Routers are of great importance in a network, as they forward data among communication devices. If an attacker attempts to intercept information or paralyze the network, it can launch an attack on the router to achieve that goal. Therefore, protecting router security is of great importance. However, router systems are notoriously difficult to understand or diagnose because of their inaccessibility and heterogeneity. A common way of gaining access to the router system and detecting anomalous behaviors is to inspect the router syslogs or monitor the packets of information flowing to the routers. These approaches diagnose the routers from only one aspect and do not correlate multiple logs. In this paper, we propose an approach to detect the anomalies and faults of routers with multiple information learning. First, we perform offline learning to transform benign or corrupted user actions into syslogs. Then, we construct the log correlation among different events. During the detection phase, we calculate the distance between an event and the cluster to decide whether it is an anomalous event, and we use the attack chain to predict the potential threat. We applied our approach in a university network that contains Huawei, Cisco and Dlink routers for three months. We aligned our experiment with former work as a baseline for comparison. Our approach obtained 89.6% accuracy in detecting the attacks, which is 5.1% higher than the former work. The results show that our approach runs within limited time and memory usage and achieves high detection with low false positives.
Keywords: router security; data correlation; attack detection

MDPI and ACS Style

Li, T.; Ma, J.; Shen, Y.; Pei, Q. Anomalies Detection and Proactive Defence of Routers Based on Multiple Information Learning. Entropy 2019, 21, 734.
