Details
Combining Renyi Entropy and EWMA to Detect Common Attacks in Network (indexed in SCI-EXPANDED and EI)
Document type: Journal article
English title: Combining Renyi Entropy and EWMA to Detect Common Attacks in Network
Author: Yan, Ruoyu[1]
First author: 颜若愚 (Yan, Ruoyu)
Corresponding author: Yan, RY[1]
Affiliation: [1]Henan Univ Econ & Law, Coll Comp & Informat Engn, Zhengzhou 450002, Henan Province, Peoples R China
First affiliation: College of Computer and Information Engineering, Henan University of Economics and Law
Corresponding affiliation: [1](corresponding author), Henan Univ Econ & Law, Coll Comp & Informat Engn, Zhengzhou 450002, Henan Province, Peoples R China. | [1048412] College of Computer and Information Engineering, Henan University of Economics and Law; [10484] Henan University of Economics and Law
Year: 2016
Volume: 30
Issue: 10
Journal: INTERNATIONAL JOURNAL OF PATTERN RECOGNITION AND ARTIFICIAL INTELLIGENCE
Indexed in: EI (accession no. 20162402499201); Scopus (accession no. 2-s2.0-84973664363); WOS: SCI-EXPANDED (accession no. WOS:000389252400002)
Funding: This work is supported mainly by Henan Joint Funds of the National Natural Science Foundation of China (Grant No. U1404605), National Natural Science Foundation of China (Grant Nos. 61502393 and 61373120), and Henan Provincial Natural Science Research Program Foundation of Henan Educational Committee (Grant No. 13B520901).
Language: English
Keywords: Renyi entropy; traffic feature selection; control chart theory; network attack identification
Abstract: How to timely and precisely identify attack behaviors in network without dealing with a large number of traffic features and historical data, such as training data, is an important research work in the field of network security. In this paper, firstly, the differences between Renyi entropy and Shannon entropy are analyzed and compared. In order to capture network traffic changes exactly, Renyi entropy instead of Shannon entropy is proposed to measure selected traffic features. Then EWMA control chart theory is used to check Renyi entropy time series for detecting and screening anomalies. And three kinds of network attacks are also analyzed and characterized by behavior feature vector for attack identification. Finally a feature similarity based method is used to identify attacks. The experimental results of real traffic traces show that the proposed method has good capability to detect and identify these attacks with less computation cost. To evaluate attack identification method conveniently, an approach is proposed to generate simulated attack traffics. Compared with Shannon entropy-based method, the experiments on simulation traffics show that Renyi entropy-based method has much higher overall accuracy, average precision and average true positive rate. Further comparison indicates the proposed method has more powerful performance to detect attacks than PCA-based method.