Anomalous Traffic Measurement using Entropy: An Empirical Study

Anomalous Traffic Measurement Using Entropy: An Approach Through Real Cases

  • Kim, Jung-Hyun (Department of Electronics and Computer Engineering, Hanyang University)
  • Won, You-Jip (Department of Electronics and Computer Engineering, Hanyang University)
  • Published : 2007.07.11

Abstract

Entropy, one of the leading metrics for anomalous traffic, has attracted researchers' attention because packet sampling and traffic volume have little impact on the entropy value. In this paper, we apply the entropy metric to a domestic network traffic trace that contains real anomalous traffic. As entropy variables we used the source IP address/port and the destination IP address/port, which are important attributes of a packet. We found that the entropy value of a multiple-port DoS attack shows behavior related to a staircase pattern. We also show the possibility of detecting anomalous traffic on a small time scale.
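
As an added illustration (not code from the paper), the following Python example computes per-window Shannon entropy over the four packet attributes named in the abstract and compares each window with a baseline window. The 1-second window, the function names and the packet trace are assumptions made for this example; the trace is constructed and uses documentation address ranges.

```python
import math
from collections import Counter, defaultdict

FIELDS = ("src_ip", "src_port", "dst_ip", "dst_port")

def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def windowed_entropy(packets, window=1.0):
    """Return {window_index: {field: entropy}} for packets given as
    (timestamp, src_ip, src_port, dst_ip, dst_port) tuples."""
    buckets = defaultdict(list)
    for ts, *attrs in packets:
        buckets[int(ts // window)].append(attrs)
    return {w: {f: shannon_entropy([a[i] for a in pkts])
                for i, f in enumerate(FIELDS)}
            for w, pkts in sorted(buckets.items())}

def build_trace():
    """Constructed trace, three 1-second windows: window 0 is background
    only, window 1 adds a flood at one destination port, window 2 adds the
    same flood spread over 64 destination ports."""
    pkts = []
    for w in range(3):
        for i in range(8):  # background: 8 clients, 4 servers, ports 80/443
            pkts.append((w + i / 10, f"10.0.0.{i}", 40000 + i,
                         f"192.0.2.{i % 4}", 80 if i % 2 else 443))
        for j in range(64 if w else 0):  # flood: one source, one target host
            dport = 8080 if w == 1 else 1024 + j
            pkts.append((w + j / 100, "203.0.113.9", 50000 + j,
                         "198.51.100.5", dport))
    return pkts

def deltas(series, baseline=0):
    """Entropy change of every field in each window relative to the baseline."""
    base = series[baseline]
    return {w: {f: h[f] - base[f] for f in FIELDS} for w, h in series.items()}

if __name__ == "__main__":
    series = windowed_entropy(build_trace())
    for w, d in deltas(series).items():
        print(w, {f: round(series[w][f], 3) for f in FIELDS},
              {f: round(v, 3) for f, v in d.items()})
```

In this constructed trace both flood windows concentrate the destination-address distribution, while destination-port entropy falls for the single-port flood and rises for the multi-port one, which is why the port attributes are tracked separately from the addresses.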

Keywords