Entropy deviation method for analyzing network intrusion

摘要

Intrusion Detection plays a vital role in networks. In this paper, we propose a new method of finding out network anomalies using network behavior analysis based on network entropy. The proposed model works towards the determination of malicious IP addresses requesting services from the server. The Proposed Entropy Deviation method(EDM) has been implemented by capturing real time data, a resultant file is generated containing the list of IP addresses along with their entropy deviation of the attackers' machine. The model concludes that low entropy value determines that the user shows a normal behavior and a huge deviation from the regular entropy value determines the anomaly. The proposed EDM has great potential to embellish in this field by remodeling the reliability of networks as it helps preventing attacks.