Research Article

Detecting Network Anomalies With Shannon Entropy: A Novel Approach to Cybersecurity

ABSTRACT

In an era of relentless cyber threats, the increasing complexity and volume of data significantly intensify the risk and impact of cybersecurity breaches. As organizations generate and store more data, the potential attack surface grows, providing more opportunities for malicious actors to exploit vulnerabilities. Consequently, there is a growing necessity for more advanced analytical techniques to effectively detect and mitigate these evolving threats. Shannon entropy, introduced by Claude Shannon in 1948, is a fundamental concept in information theory that measures the unpredictability or randomness of information. It serves as a primary tool for identifying unusual patterns within extensive datasets, offering a quantitative approach to detecting anomalies. This paper explores the application of Shannon entropy to detect and prevent distributed denial-of-service (DDoS) attacks. Unlike traditional motif identification tools, which focus on recurring patterns within data, Shannon entropy provides a broader measure of randomness and can detect subtle variations that may indicate a security breach. By leveraging the entropy measure, cybersecurity systems can identify and respond to abnormal traffic patterns that signify a potential DDoS attack, thereby enhancing the robustness and reliability of data protection mechanisms.
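The abstract describes entropy as a quantitative measure of how predictable a traffic window is, and a DDoS as a shift in that measure. The following added example (written for this page, not the paper's own code or the entro.py script it cites) makes the idea concrete: it computes Shannon entropy over the source-IP and destination-IP distributions of each time window, learns a band from benign windows, and flags a window whose source entropy jumps (many previously unseen senders) or whose destination entropy collapses (traffic converging on one host). All traffic here is constructed from documentation address ranges, and the 0.5-bit margin and the two features are assumptions chosen for illustration.

```python
"""Shannon-entropy baseline detector over per-window (src_ip, dst_ip) flow summaries.

Added illustration of the entropy-based detection idea in the abstract; the
traffic below is constructed, not captured, and the thresholds are assumptions.
"""
from collections import Counter
from math import log2


def shannon_entropy(counts):
    """H(X) = -sum_x p(x) * log2 p(x), in bits, over a dict of occurrence counts."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * log2(c / total) for c in counts.values() if c > 0)


def window_entropies(flows):
    """Entropy of the source-IP and destination-IP distributions of one window."""
    src_counts = Counter(src for src, _ in flows)
    dst_counts = Counter(dst for _, dst in flows)
    return shannon_entropy(src_counts), shannon_entropy(dst_counts)


def build_baseline(benign_windows, margin_bits=0.5):
    """Learn an acceptable band from benign windows.

    A flood shows up as unusually HIGH source entropy (many new senders) and/or
    unusually LOW destination entropy (everything aimed at one target), so the
    band is one-sided per feature. The margin (assumed 0.5 bits) absorbs the
    normal jitter of the benign windows.
    """
    src = [window_entropies(w)[0] for w in benign_windows]
    dst = [window_entropies(w)[1] for w in benign_windows]
    return {"src_high": max(src) + margin_bits, "dst_low": min(dst) - margin_bits}


def classify_window(flows, baseline):
    """Score one window against the baseline and explain any alert."""
    h_src, h_dst = window_entropies(flows)
    reasons = []
    if h_src > baseline["src_high"]:
        reasons.append("source-IP entropy above baseline (many new senders)")
    if h_dst < baseline["dst_low"]:
        reasons.append("destination-IP entropy below baseline (traffic converging on one host)")
    return {"h_src": round(h_src, 3), "h_dst": round(h_dst, 3),
            "anomalous": bool(reasons), "reasons": reasons}


# ---- constructed sample traffic (documentation ranges, not real captures) ----
def benign_window(seed):
    """100 flows: 20 internal clients spread over a handful of servers."""
    return [(f"10.0.0.{(j + seed) % 20 + 1}", f"192.0.2.{(j * j + seed) % 5 + 1}")
            for j in range(100)]


def flood_window():
    """200 flows from 200 distinct sources, all aimed at a single server."""
    return [(f"203.0.113.{j}", "192.0.2.1") for j in range(200)]


if __name__ == "__main__":
    baseline = build_baseline([benign_window(s) for s in range(5)])
    print("baseline band:", baseline)
    print("benign :", classify_window(benign_window(7), baseline))
    print("flood  :", classify_window(flood_window(), baseline))
```

In practice the per-window counts would come from flow records or packet headers rather than the constructed lists, and the baseline should be rebuilt periodically so that legitimate shifts in the client population (a new office, a product launch) do not stay flagged. Entropy is a summary of shape, not of identity: it tells you that the distribution changed, after which the top-N sources and destinations of the flagged window are what an analyst would inspect.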

REFERENCES

Bakhare, S., & Mohod, S. W. (2024). A Review on Real-Time Network Traffic Monitoring and Anomaly Detection System: A Comprehensive Study with User-Friendly Interface and Historical Analysis Capabilities. International Journal of Scientific Research, Vol. 11 No. 3 (2024): May-June.

Berezinski, P., Jasiul, B., Szpyrka, M. (2015). An Entropy-Based Network Anomaly Detection Method, Article

Eimann, R. (2008). Network event detection with entropy measures (Ph.D. thesis). University of Auckland, Auckland, New Zealand.

GitHub Gist. (n.d.). Source code, entro.py – Simplified network packet analysis script. Full source code available at: https://gist.github.com/jinnosux/63160c7cf9d929f7eb9ce0221917b345

Gu, Y., McCallum, A., & Towsley, D. (2005). Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation. Proceedings of the 5th Conference on Internet Measurement, 19-21, 2005.

Lima, C. F. L., de Assis, F. M., & de Souza, C. P. (2012). A comparative study of use of Shannon, Rényi, and Tsallis entropy for attribute selecting in network intrusion detection. In Proceedings of the 13th International Conference on Intelligent Data Engineering and Automated Learning (IDEAL'12), Natal, Brazil, 29-31 August 2012 (pp. 492–501).

Mukherjee, S., Heberlein, L. T., & Levitt, K. N. (2020). Network Intrusion Detection. IEEE Network, 8(3), 26-41.

Renyi, A. (1970). Probability theory. Amsterdam, The Netherlands: North-Holland.

Shannon, C. E. (1948). A Mathematical Theory of Communication. Bell System Technical Journal, 27(3), 379-423.

Scalabrin, M., Gadaleta, M., Bonetto, R. & Rossi, M. (2017). A Bayesian forecasting and anomaly detection framework for vehicular monitoring networks. 2017 IEEE 27th International Workshop on Machine Learning for Signal Processing (MLSP), Tokyo, Japan, 2017, pp. 1-6, doi: 10.1109/MLSP.2017.8168151.

Tsallis, C. (2011). The nonadditive entropy Sq and its applications in physics and elsewhere: Some remarks. Entropy, 13, 1765–1804.

Keywords