NEP-IDS: a Network Intrusion Detection System Based on Entropy Prediction Error

Abstract

Intrusion Detection Systems (IDSs) are used to intercept unauthorized access and malicious activity in computer networks. However, cyber-attacks are becoming more sophisticated, using evasion techniques to prevent signature-based detection. The rise of previously unseen attacks poses a critical challenge to IDSs. In this work, we present a lightweight approach to anomaly detection in network traffic that exploits the entropy of packet header features to reveal attacks. Detection is performed through a predictive model and a sliding window cumulative sum algorithm. The experimental evaluation, conducted on various attacks, indicates our system’s effectiveness in detecting attacks generating both high and low amounts of traffic, maintaining a low false alarm rate.