Intrusion Detection Systems (IDSs) are used to intercept unauthorized access and malicious activity in computer networks. However, cyber-attacks are becoming more sophisticated, using evasion techniques to prevent signature-based detection. The rise of previously unseen attacks poses a critical challenge to IDSs. In this work, we present a lightweight approach to anomaly detection in network traffic that exploits the entropy of packet header features to reveal attacks. Detection is performed through a predictive model and a sliding window cumulative sum algorithm. The experimental evaluation, conducted on various attacks, indicates our system’s effectiveness in detecting attacks generating both high and low amounts of traffic, maintaining a low false alarm rate.

Augello, A., Lo Re, G., Peri, D., Thiyagalingam, P. (2024). NEP-IDS: a Network Intrusion Detection System Based on Entropy Prediction Error. In 2024 IEEE 49th Conference on Local Computer Networks (LCN) (pp. 1-9) [10.1109/lcn60385.2024.10639755].

NEP-IDS: a Network Intrusion Detection System Based on Entropy Prediction Error

Augello, Andrea; Lo Re, Giuseppe; Peri, Daniele; Thiyagalingam, Partheepan
2024-01-01

Sector IINF-05/A - Information Processing Systems

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/10447/661494