Author(s)

Pablo Velarde-Alvarado^1*, Rafael Martinez-Pelaez¹, Joel Ruiz-Ibarra¹, Victor Morales-Rocha²

¹Autonomous University of Nayarit, Area of Basic Sciences and Engineering, Ciudad de la Cultura “Amado Nervo”, Tepic, Nayarit, Mexico.
²Department of Electrical and Computer Engineering, Autonomous University of Ciudad Juarez, Ciudad Juarez, Mexico.

In this paper, information theory and data mining techniques to extract knowledge of network traffic behavior for packet-level and flow-level are proposed, which can be applied for traffic profiling in intrusion detection systems. The empirical analysis of our profiles through the rate of remaining features at the packet-level, as well as the three-dimensional spaces of entropy at the flow-level, provide a fast detection of intrusions caused by port scanning and worm attacks.

Intrusion Detection, Traffic Profiling, Entropy, and Network Worms

Velarde-Alvarado, P. , Martinez-Pelaez, R. , Ruiz-Ibarra, J. and Morales-Rocha, V. (2014) Information Theory and Data-Mining Techniques for Network Traffic Profiling for Intrusion Detection. Journal of Computer and Communications, 2, 24-30. doi: 10.4236/jcc.2014.211003.