Anomalies Detection and Proactive Defence of Routers Based on Multiple Information Learning †

Entropy (MDPI)

Keywords: router security, data correlation, attack detection

Abstract

Routers are of great importance in the network, since they forward data among the communication devices. If an attacker attempts to intercept information or paralyze the network, it can launch an attack against the router to achieve that goal. Therefore, protecting router security is of great importance. However, router systems are notoriously difficult to understand or diagnose because of their inaccessibility and heterogeneity. A common way of gaining insight into the router system and detecting anomalous behaviour is to inspect the router syslogs or to monitor the packets flowing to the routers. These approaches diagnose the routers from only one aspect and do not correlate multiple logs. In this paper, we propose an approach to detect the anomalies and faults of routers with multiple information learning. First, we perform offline learning to transform benign or corrupted user actions into syslogs. Then, we construct the log correlation among different events. During the detection phase, we calculate the distance between an event and the cluster to decide whether it is an anomalous event, and we use the attack chain to predict the potential threat. We applied our approach in a university network containing Huawei, Cisco and Dlink routers for three months. We aligned our experiment with former work as a baseline for comparison. Our approach obtained 89.6% accuracy in detecting the attacks, which is 5.1% higher than the former work. The results show that our approach performs within limited time and memory usage and has a high detection rate and low false positives.


Author and article information

Journal: Entropy (Basel), MDPI, ISSN 1099-4300
Published: 26 July 2019 (August 2019 issue), volume 21, issue 8

Affiliations
[1] School of Cyber Engineering, Xidian University, Xi’an 710071, China
[2] School of Computer Science, Xidian University, Xi’an 710071, China
[3] Shaanxi Key Laboratory of BlockChain and Security Computing, Xidian University, Xi’an 710071, China

Author notes
[*] Correspondence: litengxidian@ 123456gmail.com
[†] This paper is an extended version of our paper published in 2018 International Conference on Networking and Network Applications (NaNA), Xi’an, China, 12–15 October 2018.

Article
Article ID: entropy-21-00734
DOI: 10.3390/e21080734
7515263
© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

Categories: Article
