Information-Theoretic Measures for Anomaly Detection
نویسندگان
چکیده
Anomaly detection is an essential component of the protection mechanisms against novel attacks. In this paper, we propose to use several information-theoretic measures, namely, entropy, conditional entropy, relative conditional entropy, information gain, and information cost for anomaly detection. These measures can be used to describe the characteristics of an audit data set, suggest the appropriate anomaly detection model(s) to be built, and explain the performance of the model(s). We use case studies on Unix system call data, BSM data, and network tcpdump data to illustrate the utilities of these measures.
منابع مشابه
Moving dispersion method for statistical anomaly detection in intrusion detection systems
A unified method for statistical anomaly detection in intrusion detection systems is theoretically introduced. It is based on estimating a dispersion measure of numerical or symbolic data on successive moving windows in time and finding the times when a relative change of the dispersion measure is significant. Appropriate dispersion measures, relative differences, moving windows, as well as tec...
متن کامل3D Gabor Based Hyperspectral Anomaly Detection
Hyperspectral anomaly detection is one of the main challenging topics in both military and civilian fields. The spectral information contained in a hyperspectral cube provides a high ability for anomaly detection. In addition, the costly spatial information of adjacent pixels such as texture can also improve the discrimination between anomalous targets and background. Most studies miss the wort...
متن کاملAn information-theoretic measure for anomaly detection in complex dynamical systems
This paper presents information-theoretic analysis of time-series data to detect slowly evolving anomalies (i.e., deviations from a nominal operating condition) in dynamical systems. A measure for anomaly detection is formulated based on the concepts derived from information theory and statistical thermodynamics. The underlying algorithm is first tested on a low-dimensional complex dynamical sy...
متن کاملNon-parametric Information-Theoretic Measures of One-Dimensional Distribution Functions from Continuous Time Series
We study non-parametric measures for the problem of comparing distributions, which arise in anomaly detection for continuous time series. Non-parametric measures take two distributions as input and produce two numbers as output: the difference between the input distributions and the statistical significance of this difference. Some of these measures, such as Kullback-Leibler measure, are define...
متن کاملAssessment Methodology for Anomaly-Based Intrusion Detection in Cloud Computing
Cloud computing has become an attractive target for attackers as the mainstream technologies in the cloud, such as the virtualization and multitenancy, permit multiple users to utilize the same physical resource, thereby posing the so-called problem of internal facing security. Moreover, the traditional network-based intrusion detection systems (IDSs) are ineffective to be deployed in the cloud...
متن کامل