Detection of Packet Traffic Anomalous Behaviour via Information Entropy

Part of the book series: Studies in Computational Intelligence ((SCI,volume 207))

Abstract

The spatio-temporal dynamics of packet traffic in data networks are complex, and monitoring them is a challenging task. We study whether the information entropy of packet traffic monitored at a selected set of nodes may provide a method for monitoring network-wide behaviour of packet traffic and for detecting anomalous traffic, e.g., distributed denial-of-service (DDoS) attacks. We conduct our investigation on a packet switching network model for static and dynamic routing. We show that the proposed information entropy method may detect changes in the “natural” randomness of spatio-temporal distributions of packets among routers caused by anomalous traffic, and that the emerging anomalies are easier to detect for DDoS attacks with a larger number of attackers and/or on networks using static rather than dynamic routing.

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Lawniczak, A.T., Wu, H., Di Stefano, B.N. (2009). Detection of Packet Traffic Anomalous Behaviour via Information Entropy. In: Fortunato, S., Mangioni, G., Menezes, R., Nicosia, V. (eds) Complex Networks. Studies in Computational Intelligence, vol 207. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01206-8_17

  • DOI: https://doi.org/10.1007/978-3-642-01206-8_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-01205-1

  • Online ISBN: 978-3-642-01206-8

  • eBook Packages: Engineering, Engineering (R0)