Biblio

Filters: Author is Haghighat, Mohammad Hashem  [Clear All Filters]
2019-12-18
Haghighat, Mohammad Hashem, Li, Jun.  2018.  Edmund: Entropy Based Attack Detection and Mitigation Engine Using Netflow Data. Proceedings of the 8th International Conference on Communication and Network Security. :1–6.
Dozens of signature and anomaly based solutions have been proposed to detect malicious activities in computer networks. However, the number of successful attacks are increasing every day. In this paper, we developed a novel entropy based technique, called Edmund, to detect and mitigate Network attacks. While analyzing full payload network traffic was not recommended due to users' privacy, Edmund used netflow data to detect abnormal behavior. The experimental results showed that Edmund was able to highly accurate detect (around 95%) different application, transport, and network layers attacks. It could identify more than 100K malicious flows raised by 1168 different attackers in our campus. Identifying the attackers, is a great feature, which enables the network administrators to mitigate DDoS effects during the attack time.