On the Inefficient Use of Entropy for Anomaly Detection

Authors: Mobin Javed, Ayesha Binte Ashfaq, M. Zubair Shafiq, Syed Ali Khayam

DOI: 10.1007/978-3-642-04342-0_28

Keywords: Anomaly detection, Behavioral pattern, Artificial intelligence, Data mining, Entropy rate, Machine learning, Computer science

Abstract: Entropy-based measures have been widely deployed in anomaly detection systems (ADSes) to quantify behavioral patterns. The entropy measure has shown significant promise in detecting a diverse set of anomalies present in networks and end-hosts. We argue that the full potential of entropy-based anomaly detection is currently not being exploited because of its inefficient use. In support of this argument, we highlight three important shortcomings of existing ADSes. We then propose efficient usage, supported by preliminary evaluations, to mitigate these shortcomings.

References (3)
M. Zubair Shafiq, Syed Ali Khayam, Muddassar Farooq. Embedded Malware Detection Using Markov n-Grams. International Conference on Detection of Intrusions and Malware and Vulnerability Assessment, pp. 88-107 (2008). DOI: 10.1007/978-3-540-70542-0_5
Ayesha Binte Ashfaq, Maria Joseph Robert, Asma Mumtaz, Muhammad Qasim Ali, Ali Sajjad, Syed Ali Khayam. A Comparative Evaluation of Anomaly Detectors under Portscan Attacks. Recent Advances in Intrusion Detection, pp. 351-371 (2008). DOI: 10.1007/978-3-540-87403-4_19
Andrew McCallum, Don Towsley, Yu Gu. Detecting anomalies in network traffic using maximum entropy estimation. Internet Measurement Conference, pp. 32-32 (2005). DOI: 10.5555/1251086.1251118