Edmund: Entropy based attack detection and mitigation engine using netflow data

MH Haghighat, J Li - Proceedings of the 8th International Conference on …, 2018 - dl.acm.org
Dozens of signature-based and anomaly-based solutions have been proposed to detect malicious activities in computer networks. However, the number of successful attacks is increasing every day. In this paper, we developed a novel entropy-based technique, called Edmund, to detect and mitigate network attacks. Because analyzing full-payload network traffic is not recommended for reasons of user privacy, Edmund uses netflow data to detect abnormal behavior.
The experimental results showed that Edmund was able to detect different application-, transport-, and network-layer attacks with high accuracy (around 95%). It could identify more than 100K malicious flows raised by 1168 different attackers in our campus. Identifying the attackers is a valuable feature that enables network administrators to mitigate DDoS effects during the attack.
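To make the entropy-over-netflow idea concrete, here is an added illustration that is not Edmund's own code and does not reproduce the paper's method: it computes per-window Shannon entropy of source IP, destination IP and destination port over constructed netflow-style records, flags windows whose entropy profile drifts from a baseline (the one-bit margin is an assumed threshold), and then lists the never-before-seen sources behind the dominant target in a flagged window as candidates for rate-limiting.

```python
import math
from collections import Counter

# Constructed netflow-style records (window, src_ip, dst_ip, dst_port); not data from the paper.
FLOWS = []
for w in range(4):  # background traffic: 20 clients, 4 servers, 3 services, in every window
    for i in range(20):
        FLOWS.append((w, f"10.0.{i // 10}.{i % 10 + 1}",
                      f"203.0.113.{i % 4 + 1}", (80, 443, 53)[i % 3]))
for i in range(100):  # window 3 also carries a flood: many sources, one destination, one port
    FLOWS.append((3, f"198.51.100.{i + 1}", "203.0.113.1", 80))

def entropy(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def window_features(flows):
    """Map each window to (H(src_ip), H(dst_ip), H(dst_port))."""
    by_window = {}
    for w, src, dst, port in flows:
        by_window.setdefault(w, []).append((src, dst, port))
    return {w: tuple(entropy([r[i] for r in recs]) for i in range(3))
            for w, recs in by_window.items()}

def detect(flows, baseline_windows, threshold=1.0):
    """Flag non-baseline windows whose entropy profile moves more than
    `threshold` bits (assumed margin) from the baseline mean in any feature.
    A flood shows up as rising source entropy and falling destination entropy."""
    feats = window_features(flows)
    base = [feats[w] for w in baseline_windows]
    mean = [sum(f[i] for f in base) / len(base) for i in range(3)]
    return sorted(w for w, f in feats.items() if w not in baseline_windows
                  and any(abs(f[i] - mean[i]) > threshold for i in range(3)))

def suspected_attackers(flows, window, baseline_windows):
    """Sources in a flagged window that hit its dominant (dst, port) pair and were
    never seen in the baseline windows; these are the flows to rate-limit or drop."""
    recs = [(s, d, p) for w, s, d, p in flows if w == window]
    known = {s for w, s, _, _ in flows if w in baseline_windows}
    target = Counter((d, p) for _, d, p in recs).most_common(1)[0][0]
    return sorted({s for s, d, p in recs if (d, p) == target and s not in known})

if __name__ == "__main__":
    for w in detect(FLOWS, baseline_windows=[0, 1, 2]):
        n = len(suspected_attackers(FLOWS, w, [0, 1, 2]))
        print(f"window {w} anomalous; {n} suspected sources")
```

Real deployments would learn the baseline from many windows and use a per-feature deviation (for example a z-score) rather than a fixed margin.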