Edmund: Entropy Based Attack Detection and Mitigation Engine Using Netflow Data

Title: Edmund: Entropy Based Attack Detection and Mitigation Engine Using Netflow Data
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Haghighat, Mohammad Hashem; Li, Jun
Conference Name: Proceedings of the 8th International Conference on Communication and Network Security
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-6567-3
Keywords: Attack Detection and Mitigation, composability, DDoS attack mitigation, Entropy, Human Behavior, Malicious Flows, Metrics, network attacks, pubcrawl, resilience
Abstract: Dozens of signature- and anomaly-based solutions have been proposed to detect malicious activities in computer networks. However, the number of successful attacks is increasing every day. In this paper, we developed a novel entropy-based technique, called Edmund, to detect and mitigate network attacks. Since analyzing full-payload network traffic was not recommended due to users' privacy, Edmund used netflow data to detect abnormal behavior. The experimental results showed that Edmund was able to detect, with high accuracy (around 95%), different application-, transport-, and network-layer attacks. It could identify more than 100K malicious flows raised by 1168 different attackers in our campus. Identifying the attackers is a great feature, which enables the network administrators to mitigate DDoS effects during the attack time.
URL: http://doi.acm.org/10.1145/3290480.3290484
DOI: 10.1145/3290480.3290484
Citation Key: haghighat_edmund:_2018