Apparatus and method for detecting anomalous traffic
First Claim
1. An apparatus for detecting anomalous traffic, comprising:
an entropy extraction module for extracting entropy from network traffic;
a visualization module for generating an entropy graph based on the entropy;
a graph model experience module for updating a graph model for each network attack based on the entropy graph; and
an anomalous traffic detection module for detecting anomalous traffic based on the entropy graph and the graph model for each network attack and outputting the detection results to a user.
Abstract
An apparatus and method for detecting anomalous traffic are provided. More particularly, an apparatus and method for detecting anomalous traffic based on the entropy of network traffic are provided. The apparatus for detecting anomalous traffic includes: an entropy extraction module for extracting entropy from network traffic; a visualization module for generating an entropy graph based on the entropy; a graph model experience module for updating a graph model for each network attack based on the entropy graph; and an anomalous traffic detection module for detecting anomalous traffic based on the entropy graph and the graph model for each network attack and outputting the detection results to a user. In the apparatus and method, anomalous traffic is detected from the entropy of the network traffic rather than from simple statistics of traffic volume, so that the false alarm rate of the apparatus can be reduced.
11 Claims
1. An apparatus for detecting anomalous traffic, comprising:
an entropy extraction module for extracting entropy from network traffic;
a visualization module for generating an entropy graph based on the entropy;
a graph model experience module for updating a graph model for each network attack based on the entropy graph; and
an anomalous traffic detection module for detecting anomalous traffic based on the entropy graph and the graph model for each network attack and outputting the detection results to a user.
Dependent claims: 2, 3, 4, 5, 6
7. A method of detecting anomalous traffic, comprising:
extracting entropy from network traffic;
generating an entropy graph based on the entropy;
updating a graph model for each network attack based on the entropy graph;
detecting anomalous traffic based on the entropy graph and the graph model for each network attack; and
outputting the detection results to a user.
Dependent claims: 8, 9, 10, 11
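The pipeline of claim 7 and the abstract (entropy extraction per time window, the resulting entropy graph, a per-attack graph model that is updated from labelled windows, and a detection step that compares the graph against those models), as an added worked example that is not code from the patent or its specification. The patent does not describe its graph models on this page; here each attack's model is simplified to the sign pattern its entropy deviations leave on the graph, which is an assumption. The flow records, IP addresses, window boundaries and the ATTACK_MODELS table are constructed for illustration.

```python
import math
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed flow records (not taken from the patent): (window, src_ip, dst_ip, dst_port, bytes).
# Windows 0-3 are benign web traffic; window 4 is a low-volume port scan from one
# host; window 5 is a spoofed-source flood against one port of the same server.
def make_flows():
    flows = []
    for w in range(4):
        for i in range(18 + w):
            flows.append((w, f"10.0.{w}.{i}", "192.0.2.10", 443 if i % 2 else 80, 1500))
    for p in range(40):                       # one source, 40 destination ports, tiny probes
        flows.append((4, "10.0.9.9", "192.0.2.10", 1000 + p, 60))
    for i in range(60):                       # 60 spoofed sources, one destination port
        flows.append((5, f"203.0.113.{i}", "192.0.2.10", 80, 1500))
    return flows

FEATURES = {"src_ip": 1, "dst_ip": 2, "dst_port": 3}   # column index of each traffic feature

def shannon_entropy(counts):
    """Entropy in bits of a distribution given as a Counter of occurrence counts."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values() if c)

def entropy_extraction(flows):
    """Entropy of each feature in each time window: the entropy graph as a time series."""
    per_window = defaultdict(lambda: {f: Counter() for f in FEATURES})
    for rec in flows:
        for f, col in FEATURES.items():
            per_window[rec[0]][f][rec[col]] += 1
    return {w: {f: shannon_entropy(c) for f, c in feats.items()}
            for w, feats in sorted(per_window.items())}

def fit_baseline(graph, benign_windows, std_floor=0.1):
    """Mean and std of each feature's entropy over windows known to be benign.
    The floor keeps a nearly constant baseline from producing huge z-scores."""
    return {f: (mean(graph[w][f] for w in benign_windows),
                max(pstdev([graph[w][f] for w in benign_windows]), std_floor))
            for f in FEATURES}

def deviation_signature(point, baseline, threshold=3.0):
    """Direction (+1 / -1 / 0) in which each feature's entropy departs from the baseline."""
    sig = {}
    for f, (mu, sd) in baseline.items():
        z = (point[f] - mu) / sd
        sig[f] = 0 if abs(z) < threshold else (1 if z > 0 else -1)
    return sig

# Assumed per-attack models (illustrative, not the patent's own graph models): the sign
# pattern each attack leaves on the entropy graph. A port scan collapses source diversity
# and spreads across ports; a spoofed flood does the opposite.
ATTACK_MODELS = {
    "port_scan":  {"src_ip": -1, "dst_port": +1},
    "ddos_flood": {"src_ip": +1, "dst_port": -1},
}

def update_attack_model(models, name, point, baseline):
    """Learn or refine an attack's model from a window an analyst has labelled."""
    sig = deviation_signature(point, baseline)
    models[name] = {f: s for f, s in sig.items() if s != 0}
    return models[name]

def classify(sig, models):
    """Match a window's deviation signature against every attack model."""
    for name, pattern in models.items():
        if all(sig.get(f) == s for f, s in pattern.items()):
            return name
    return "unknown_anomaly" if any(sig.values()) else "normal"

def detect(flows, benign_windows=(0, 1, 2, 3), models=ATTACK_MODELS):
    graph = entropy_extraction(flows)
    baseline = fit_baseline(graph, benign_windows)
    return {w: classify(deviation_signature(pt, baseline), models) for w, pt in graph.items()}

def bytes_per_window(flows):
    """The volume statistic a traffic-amount detector would use."""
    vol = Counter()
    for rec in flows:
        vol[rec[0]] += rec[4]
    return dict(vol)

if __name__ == "__main__":
    flows = make_flows()
    print(detect(flows))              # windows 0-3 normal, 4 port_scan, 5 ddos_flood
    print(bytes_per_window(flows))    # the scan window carries less traffic than a benign one
```

The comparison with bytes_per_window is the point the abstract makes about false alarms: the scan window moves 2400 bytes, less than any benign window, so a volume threshold never fires on it, while its source-IP entropy falls to zero and its destination-port entropy jumps to log2(40) bits. The flood is visible to both detectors, but only the entropy signature separates it from a legitimate surge in distinct clients. The std floor in fit_baseline is a practical detail: with only a handful of nearly identical benign windows the sample deviation is close to zero, and without a floor any tiny drift would be reported as an anomaly.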