
      Characterizing Network Anomaly Traffic with Euclidean Distance-Based Multiscale Fuzzy Entropy


      Security and Communication Networks

      Hindawi Limited


          Abstract

          The prosperity of mobile networks and social networks brings revolutionary conveniences to our daily lives. However, due to the complexity and fragility of the network environment, network attacks are becoming more and more serious. Characterization of network traffic is commonly used to model and detect network anomalies and finally to raise the cybersecurity awareness capability of network administrators. As a tool to characterize system running status, entropy-based time-series complexity measurement methods such as Multiscale Entropy (MSE), Composite Multiscale Entropy (CMSE), and Fuzzy Approximate Entropy (FuzzyEn) have been widely used in anomaly detection. However, the existing methods calculate the distance between vectors solely using the two most different elements of the two vectors. Furthermore, the similarity of vectors is calculated using the Heaviside function, which has a problem of bouncing between 0 and 1. The Euclidean Distance-Based Multiscale Fuzzy Entropy (EDM-Fuzzy) algorithm was proposed to avoid the two disadvantages and to measure entropy values of system signals more precisely, accurately, and stably. In this paper, the EDM-Fuzzy is applied to analyze the characteristics of abnormal network traffic such as botnet network traffic and Distributed Denial of Service (DDoS) attack traffic. The experimental analysis shows that the EDM-Fuzzy entropy technology is able to characterize the differences between normal traffic and abnormal traffic. The EDM-Fuzzy entropy characteristics of ARP traffic discovered in this paper can be used to detect various types of network traffic anomalies including botnet and DDoS attacks.


                Author and article information

                Journal: Security and Communication Networks
                Publisher: Hindawi Limited
                ISSN: 1939-0122, 1939-0114
                Published: June 16 2021
                Volume: 2021
                Pages: 1-9
                Affiliations
                [1 ]College of Computer Science and Technology, Zhejiang University, Hangzhou 310058, China
                [2 ]College of Computer Science and Technology, Hangzhou Dianzi University, Hangzhou 310018, China
                [3 ]Key Laboratory of Complex Systems Modeling and Simulation of the Ministry of Education, Hangzhou Dianzi University, Hangzhou 310018, China
                [4 ]Zhuoyue Honors College, Hangzhou Dianzi University, Hangzhou 310018, China
                DOI: 10.1155/2021/5560185
                © 2021
