An Entropy-based Approach to Detecting Anomalies in Voice over Internet Protocol (VoIP) Traffic

Report No. ARL-TR-5124
Authors: Gardner W. Thompson
Date/Pages: March 2010; 18 pages
Abstract: Computer intrusion is a growing concern and field of investigation among government and private agencies. The main issue with most of the current Intrusion Detection Systems (IDSs) is that they are based on signature based observations, which means this class of detection system will only alert on attacks that the system is programmed to see. Entropy can be applied in various ways to examine data, but it is not a standalone IDS. It offers a theoretical, yet practical approach for the detection of abnormal patterns of behavior.
Distribution: Approved for public release
  Download Report ( 0.108 MBytes )
If you are visually impaired or need a physical copy of this report, please visit and contact DTIC.

Last Update / Reviewed: March 1, 2010