File:Sample entropy and random forests a methodology for anomaly-based intrusion detection and classification of low-bandwidth malware attacks (IA sampleentropyndr109452633).pdf
Original file (1,275 × 1,650 pixels, file size: 714 KB, MIME type: application/pdf, 82 pages)
Summary
Sample entropy and random forests a methodology for anomaly-based intrusion detection and classification of low-bandwidth malware attacks

Author | Hyla, Bret M. |
---|---|
Title | Sample entropy and random forests a methodology for anomaly-based intrusion detection and classification of low-bandwidth malware attacks |
Publisher | Monterey, California. Naval Postgraduate School |
Description | Sample Entropy examines changes in the normal distribution of network traffic to identify anomalies. Normalized Information examines the overall probability distribution in a data set. Random Forests is a supervised learning algorithm which is efficient at classifying highly imbalanced data. Anomalies are exceedingly rare compared to the overall volume of network traffic. The combination of these methods enables low-bandwidth anomalies to easily be identified in high-bandwidth network traffic. Using only low-dimensional network information allows for near real-time identification of anomalies. The data set was collected from the 1999 DARPA intrusion detection evaluation data set. The experiments compare a baseline f-score to the observed entropy and normalized information of the network. Anomalies that are disguised in network flow analysis were detected. Random Forests prove to be capable of classifying anomalies using the sample entropy and normalized information. Our experiment divided the data set into five-minute time slices and found that sample entropy and normalized information metrics were successful in classifying bad traffic with a recall of .99 and an f-score of .50, which was 185% better than our baseline. Subjects: Computer science; Entropy; Algorithms; Databases; Computer networks; Methodology; Data mining |
Language | English |
Publication date | September 2006 |
Current location | IA Collections: navalpostgraduateschoollibrary; fedlink |
Accession number | sampleentropyndr109452633 |
Source | |
Permission (Reusing this file) | Approved for public release, distribution unlimited |
Licensing
This work is in the public domain in the United States because it is a work prepared by an officer or employee of the United States Government as part of that person’s official duties under the terms of Title 17, Chapter 1, Section 105 of the US Code.
Note: This only applies to original works of the Federal Government and not to the work of any individual U.S. state, territory, commonwealth, county, municipality, or any other subdivision. This template also does not apply to postage stamp designs published by the United States Postal Service since 1978. (See § 313.6(C)(1) of Compendium of U.S. Copyright Office Practices). It also does not apply to certain US coins; see The US Mint Terms of Use.
This file has been identified as being free of known restrictions under copyright law, including all related and neighboring rights.
Creative Commons Public Domain Mark 1.0: https://creativecommons.org/publicdomain/mark/1.0/
File history
 | Date/Time | Dimensions | User | Comment |
---|---|---|---|---|
current | 12:20, 24 July 2020 | 1,275 × 1,650, 82 pages (714 KB) | Fæ | FEDLINK - United States Federal Collection sampleentropyndr109452633 (User talk:Fæ/IA books#Fork8) (batch 1993-2020 #27058) |
Metadata
Short title | Sample entropy and random forests a methodology for anomaly-based intrusion detection and classification of low-bandwidth malware attacks |
---|---|
Author | Hyla, Bret M. |
Software used | Hyla, Bret M. |
Conversion program | Acrobat Distiller 6.0.1 (Windows) |
Encrypted | no |
Page size | 612 x 792 pts (letter) |
Version of PDF format | 1.4 |