Anomaly network traffic detection algorithm based on information entropy measurement under the cloud computing environment
In recent years, abnormal activities in the network have become more and more frequent, and they greatly threaten network security. Hence, it is of great importance to collect the data that indicate the running state of the network and to identify anomalies in the network in time. In this paper, we propose a novel anomaly network traffic detection algorithm under the cloud computing environment. Firstly, the framework of the anomaly network traffic detection system is illustrated, and six types of network traffic features are considered in this work, that is, (1) number of source IP addresses, (2) number of source port numbers, (3) number of destination IP addresses, (4) number of destination port numbers, (5) number of packet types, and (6) number of network packets. Secondly, we propose a novel hybrid information entropy and SVM model to tackle the proposed problem by normalizing the values of network features and exploiting SVM to detect anomalous network behaviors. Finally, experimental results demonstrate that the proposed algorithm can detect anomalous network traffic with high accuracy and that it can also be used on large-scale datasets.
Keywords: Anomaly network traffic detection; Information entropy measurement; Cloud computing; Support vector machine; Quantum behaved particle swarm optimization
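The feature-extraction stage sketched in the abstract, as an added example that is not the paper's code: it groups packets into time windows, counts the six listed features, and computes a normalized Shannon entropy per field so windows can be compared on a 0 to 1 scale. The 60-second window, the field names, the normalization by log2 of the packet count, and the constructed sample traffic are assumptions; the SVM stage is not shown.

```python
import math
from collections import Counter, defaultdict

FIELDS = ("src_ip", "src_port", "dst_ip", "dst_port", "proto")  # assumed field names

def normalized_entropy(values):
    """Shannon entropy of the observed values, divided by log2(len(values)) -> [0, 1]."""
    n = len(values)
    if n <= 1:
        return 0.0
    h = sum(c / n * math.log2(n / c) for c in Counter(values).values())
    return h / math.log2(n)

def window_features(packets, window_seconds=60):
    """Return {window_index: features}: packet count plus, per field,
    the number of distinct values (n_*) and the normalized entropy (H_*)."""
    buckets = defaultdict(list)
    for pkt in packets:
        buckets[int(pkt["ts"] // window_seconds)].append(pkt)
    out = {}
    for w, pkts in sorted(buckets.items()):
        feats = {"packets": len(pkts)}
        for f in FIELDS:
            col = [p[f] for p in pkts]
            feats["n_" + f] = len(set(col))
            feats["H_" + f] = round(normalized_entropy(col), 3)
        out[w] = feats
    return out

def make_sample():
    """Constructed traffic: window 0 is mixed client traffic,
    window 1 is a single host touching many ports on one destination."""
    pkts = []
    for i in range(8):
        pkts.append({"ts": i, "src_ip": f"10.0.0.{i % 4 + 1}", "src_port": 40000 + i,
                     "dst_ip": f"192.0.2.{i % 2 + 1}", "dst_port": (80, 443)[i % 2],
                     "proto": ("tcp", "udp")[i % 4 == 3]})
    for i in range(8):
        pkts.append({"ts": 60 + i, "src_ip": "10.0.0.9", "src_port": 50000,
                     "dst_ip": "192.0.2.1", "dst_port": 20 + i, "proto": "tcp"})
    return pkts

if __name__ == "__main__":
    for w, feats in window_features(make_sample()).items():
        print(w, feats)
```

In the constructed data the second window shows source-IP entropy collapsing to 0 while destination-port entropy rises to 1, the kind of shift a downstream classifier would be trained to separate from the baseline window.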
The authors are very thankful to the editors and anonymous reviewers for providing very thoughtful comments which have led to an improved version of this paper. This work was supported by the Natural Science Foundation of China (No. 61572033) and also supported by General program of humanistic and social science research in Anhui provincial higher education promotion plan (TSSK2016B27); 2017 General topic capital of online educational research fund by online education research center of Department of Education (2017YB101) and Key topics of national education information technology research (176120003).