4 research outputs found

    Automatic tactical network node configuration with XML and SNMP, Journal of Telecommunications and Information Technology, 2008, nr 2

    In the paper, we describe a "plug-and-play" configuration of nodes of a tactical network on the basis of XML configuration templates and a network plan, developed during the network planning process. We present the concept of a configuration repository, an XML-based database that stores network structure and configuration data, and describe how the Simple Network Management Protocol is used to apply the settings to network devices. We also comment on a possible use of the next-generation NETCONF protocol for such a task.

    An Entropy-Based Network Anomaly Detection Method

    Data mining is an interdisciplinary subfield of computer science involving methods at the intersection of artificial intelligence, machine learning and statistics. One of the data mining tasks is anomaly detection, which is the analysis of large quantities of data to identify items, events or observations which do not conform to an expected pattern. Anomaly detection is applicable in a variety of domains, e.g., fraud detection, fault detection, system health monitoring, but this article focuses on the application of anomaly detection in the field of network intrusion detection. The main goal of the article is to prove that an entropy-based approach is suitable to detect modern botnet-like malware based on anomalous patterns in network. This aim is achieved by realization of the following points: (i) preparation of a concept of original entropy-based network anomaly detection method, (ii) implementation of the method, (iii) preparation of original dataset, (iv) evaluation of the method.

    Entropy-based network anomaly detection

    Supervisors: Marcin Szpyrka, Bartosz Jasiul. Reviewers: Jan Bazan, Wojciech Mazurczyk. Unpublished doctoral dissertation. Title from title screen. Doctoral dissertation. AGH University of Science and Technology in Krakow. Faculty of Electrical Engineering, Automatics, Computer Science and Biomedical Engineering. Department of Applied Computer Science, 2015. Includes bibliography. Also available in print. Access mode: Internet. General overview of network anomaly techniques, closely related work, detection via network volume counters, detection via network feature distributions, existing datasets, entropy-based network anomaly detector preface, main features, classification of the approach, entropy, Shannon entropy, parameterized entropy, comparison, binomial distribution, uniform distribution, impact of frequent and rare events, entropy of exemplary distributions, network flows, flows vs. packets, flow export, operating principle, problems and difficulties, NetFlow export setup, entropy-based network anomaly detector, architecture, implementation, dataset, origin of the idea, legitimate traffic, anomaly generator, verification of the approach, correlation, performance evaluation, on-line analysis in a real environment, multi-classifier, multi-label approach, datase