Multi-scale Entropy and Renyi Cross Entropy Based Traffic Anomaly Detection
The idea of using entropy measurement to detect anomalies is not a novelty in the research community. But all these entropy-based approaches are single-scale “complexity” methods, and they do not consider temporal and spatial correlation in network traffic. In this paper, multi-scale entropy (MSE) and Renyi cross entropy are introduced to solve these problems. First, a kind of port-to-port traffic in a router, termed IF-flow, is defined. An internal traffic matrix can be constructed from IF-flows. Then a new scheme based on MSE and Renyi cross entropy is proposed to detect traffic anomalies in the IF-flow matrix. MSE is used to detect anomalies in IF-flow traces across time scales. Renyi cross entropy is used to detect anomalies in the IF-flow matrix in space and at small time scales, and to pinpoint the IF-flow(s) responsible for the entropy change. An improved method of calculating Renyi cross entropy is proposed to reduce false alarms and identify anomaly duration. The experimental results indicate that the scheme can detect anomalies accurately in time and space.
anomaly detection; IF-flow; Multi-scale entropy; Renyi cross entropy; Traffic matrix
Ruoyu Yan, Qinghua Zheng, Weimin Peng
MOE KLINNS Lab and SKLMS Lab, Department of Computer Science and Technology, Xian Jiaotong University; MOE KLINNS Lab and SKLMS Lab, Department of Computer Science and Technology, Xian Jiaotong University; School of Information Science, Guangdong Ocean University, Zhanjiang, Guangdong Province, China
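International conference
Guangzhou
English
2008-11-19 (date first made available online on the Wanfang platform; this does not represent the paper's publication date)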