Pan Feng, Jiang Junjie, and Wang Weinong. An Entropy-Based Method to Measure the Regularity of Normal Behaviors in Anomaly Detection[J]. Journal of Computer Research and Development, 2005, 42(8): 1415-1421.

An Entropy-Based Method to Measure the Regularity of Normal Behaviors in Anomaly Detection

  • Published Date: August 14, 2005
  • Anomaly detection is an essential component of the protection mechanisms against novel attacks. This paper proposes an entropy-based method to measure the regularity of normal behaviors in anomaly detection. The measure is defined as the ratio of the entropy of normal behavior to the entropy of totally random behavior. Two case studies, on Unix system call data and network tcpdump data, illustrate the utility of this measure. A new algorithm is proposed to detect network intrusions using sequences of system calls, and it can perform anomaly detection over noisy data. In addition, a new immune algorithm, the multi-level negative selection algorithm, is developed and applied to anomaly detection and compared with Forrest's negative selection algorithm. It fundamentally improves detector generation efficiency.
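As an added illustration (not code from the paper), the sketch below computes one plausible reading of the abstract's regularity measure over system call traces: the entropy of the observed length-`window` subsequences divided by the entropy of uniformly random subsequences over the same alphabet. The windowing scheme, the function names and the sample traces are assumptions made for this example; the abstract does not give the paper's exact formula.

```python
import math
import random
from collections import Counter


def shannon_entropy(counts):
    """Shannon entropy in bits of an empirical distribution given as counts."""
    counts = list(counts)
    total = sum(counts)
    return -sum((c / total) * math.log2(c / total) for c in counts if c)


def regularity_ratio(trace, window=3, alphabet_size=None):
    """Entropy of observed subsequences / entropy of totally random ones.

    Assumed reading of the abstract's definition. Values near 0 mean highly
    regular behavior (easy to model); values near 1 mean close to random.
    """
    if len(trace) < window:
        raise ValueError("trace shorter than window")
    k = alphabet_size or len(set(trace))
    # Uniformly random behavior: all k**window subsequences equally likely.
    h_random = window * math.log2(k)
    if h_random == 0:  # single-symbol alphabet is fully regular
        return 0.0
    grams = Counter(tuple(trace[i:i + window])
                    for i in range(len(trace) - window + 1))
    # Finite traces under-estimate entropy, so even random data stays below 1.
    return shannon_entropy(grams.values()) / h_random


# Constructed sample traces (not data from the paper).
CALLS = ["open", "read", "write", "close"]
REGULAR = CALLS * 50                       # strictly periodic process
_rng = random.Random(0)
NOISY = [_rng.choice(CALLS) for _ in range(200)]  # no structure at all

if __name__ == "__main__":
    for name, trace in (("regular", REGULAR), ("noisy", NOISY)):
        ratio = regularity_ratio(trace, window=3, alphabet_size=len(CALLS))
        print(f"{name:8s} regularity ratio = {ratio:.3f}")
```

A low ratio on training data suggests that a sequence-based detector can model the normal behavior well; a ratio close to 1 suggests the chosen features carry little regularity to learn from.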
