Information Theory and Data-Mining Techniques for Network Traffic Profiling for Intrusion Detection


This paper proposes information theory and data mining techniques for extracting knowledge of network traffic behavior at the packet level and the flow level, which can be applied to traffic profiling in intrusion detection systems. The empirical analysis of our profiles, through the rate of remaining features at the packet level and the three-dimensional spaces of entropy at the flow level, provides fast detection of intrusions caused by port scanning and worm attacks.

Velarde-Alvarado, P., Martinez-Pelaez, R., Ruiz-Ibarra, J. and Morales-Rocha, V. (2014) Information Theory and Data-Mining Techniques for Network Traffic Profiling for Intrusion Detection. Journal of Computer and Communications, 2, 24-30. doi: 10.4236/jcc.2014.211003.

Conflicts of Interest

The authors declare no conflicts of interest.



Copyright © 2024 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.