In this paper, a technique for detecting anomalous behavior traffic in a computer network is presented. Entropy space method is based on a 3D-space built on a flow-packet level. The complete set of points obtained in the 3D-space can be seen as a data cloud. Each 3D point in the space is a value of the obtained clusters for each slot of the network traffic. The selected features for the set of points are done by applying Pattern Recognition, Principal Component Analysis, and Kernel Density Estimation. At the next stage, the network traffic can be modelled by using Gaussian Mixtures and Extreme Generalized Distributions, which define the behavior of each selected feature. By integrating this model in an Anomaly-based Intrusion Detection System, anomalous behaviour traffic can be detected easily and early. The effectiveness and feasibility of this model was tested in a Local Area Network of a Campus.
展开▼
