In modern networks, with the growing variety of cybersecurity threats, network anomaly detection has become increasingly important. Its primary goal is to promptly identify abnormal traffic to prevent catastrophic consequences such as data breaches and service disruptions. However, many traditional anomaly detection methods rely on traffic characteristics such as packet frequency, traffic volume, or known attack signatures. These approaches often face limitations when dealing with complex attack behaviors due to the variability of traffic patterns and evolving attack techniques. To address these challenges, entropy, a metric originally derived from information theory to quantify data unpredictability, has recently been applied in the field of cybersecurity, particularly in network anomaly detection, showing promising results. Compared to traditional methods, analyzing changes in entropy within packet content can reveal hidden suspicious activities more effectively. To explore the practical effectiveness of entropy-based indicators in anomaly detection, this study proposes a network anomaly detection method based on entropy variation. Specifically, it utilizes Shannon Entropy of packet-level statistical features to observe abnormal fluctuations in traffic predictability, thereby identifying potential attack activities and evaluating the impact on detection accuracy. To validate the performance of the proposed method, we use real network traffic data from an academic unit and conduct experiments simulating scanning behavior for evaluation.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Entropy-Based Anomaly Detection for Cybersecurity Threats in Network Traffic

  • Han-Wei Hsiao,
  • Yun-Zhen Lee

摘要

In modern networks, with the growing variety of cybersecurity threats, network anomaly detection has become increasingly important. Its primary goal is to promptly identify abnormal traffic to prevent catastrophic consequences such as data breaches and service disruptions. However, many traditional anomaly detection methods rely on traffic characteristics such as packet frequency, traffic volume, or known attack signatures. These approaches often face limitations when dealing with complex attack behaviors due to the variability of traffic patterns and evolving attack techniques. To address these challenges, entropy, a metric originally derived from information theory to quantify data unpredictability, has recently been applied in the field of cybersecurity, particularly in network anomaly detection, showing promising results. Compared to traditional methods, analyzing changes in entropy within packet content can reveal hidden suspicious activities more effectively. To explore the practical effectiveness of entropy-based indicators in anomaly detection, this study proposes a network anomaly detection method based on entropy variation. Specifically, it utilizes Shannon Entropy of packet-level statistical features to observe abnormal fluctuations in traffic predictability, thereby identifying potential attack activities and evaluating the impact on detection accuracy. To validate the performance of the proposed method, we use real network traffic data from an academic unit and conduct experiments simulating scanning behavior for evaluation.