Entropy-based profiling of network traffic for detection of security attack

Tsern-Huei Lee*, Jyun De He

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

3 Scopus citations


Network security has become a major concern in recent years. In this research, we present an entropy-based network traffic profiling scheme for detecting security attacks. The proposed scheme consists of two stages. The purpose of the first stage is to systematically construct the probability distribution of Relative Uncertainty for normal network traffic behavior. In the second stage, we use the Chi-Square Goodness-of-Fit Test, a calculation that measures the level of difference of two probability distributions, to detect abnormal network activities. The probability distribution of the Relative Uncertainty for short-term network behavior is compared with that of the long-term profile constructed in the first stage. We demonstrate the performance of our proposed scheme for DoS attacks with the dataset derived from KDD CUP 1999. Experimental results show that our proposed scheme achieves high accuracy if the features are selected appropriately.

Original languageEnglish
Title of host publicationTENCON 2009 - 2009 IEEE Region 10 Conference
StatePublished - 1 Dec 2009
Event2009 IEEE Region 10 Conference, TENCON 2009 - Singapore, Singapore
Duration: 23 Nov 200926 Nov 2009

Publication series

NameIEEE Region 10 Annual International Conference, Proceedings/TENCON


Conference2009 IEEE Region 10 Conference, TENCON 2009


  • Anomaly detection
  • Chi-square
  • Entropy
  • Profiling

Fingerprint Dive into the research topics of 'Entropy-based profiling of network traffic for detection of security attack'. Together they form a unique fingerprint.

Cite this