Abstract:
The paper presents an anomaly detection method based on the entropy of port features in network traffic. The method first tests whether the information entropy of the port distribution follows a normal distribution for a given measured flow at a network boundary. On this basis, an anomaly detection algorithm is designed from the mathematical principle that the probability of a normally distributed random variable N(μ,σ²) falling in the interval (μ-nσ, μ+nσ) is the same for any given μ, σ and n. The algorithm is then applied to the same network boundary, the abnormal traffic detected during the 14-day operation is analyzed, and every anomaly can be accurately traced to a specific event. This result indicates the effectiveness of the anomaly detection method.
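
A minimal sketch of the detection idea described in the abstract, added here as an illustration and not taken from the paper: per-window Shannon entropy of the destination-port distribution, a baseline μ and σ, and a flag for any window outside (μ-nσ, μ+nσ). The function names, the window contents, n = 3 and the premise that the baseline entropy has already passed a normality test are all assumptions.

```python
import math
from collections import Counter
from statistics import mean, stdev

def port_entropy(ports):
    """Shannon entropy in bits of the port distribution in one measurement window."""
    counts = Counter(ports)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def fit_baseline(windows):
    """Estimate mu and sigma of the entropy from windows assumed to hold normal traffic."""
    h = [port_entropy(w) for w in windows]
    return mean(h), stdev(h)

def coverage(n):
    """P(mu - n*sigma < X < mu + n*sigma) for X ~ N(mu, sigma^2); depends only on n."""
    return math.erf(n / math.sqrt(2))

def detect(windows, mu, sigma, n=3.0):
    """Return (index, entropy) for each window whose entropy is outside (mu-n*sigma, mu+n*sigma)."""
    scored = ((i, port_entropy(w)) for i, w in enumerate(windows))
    return [(i, h) for i, h in scored if abs(h - mu) >= n * sigma]

def mix(k):
    """Constructed sample window: destination ports of about 1000 flows with small drift."""
    return [80] * (400 + 10 * (k % 3)) + [443] * 300 + [53] * 200 + [22] * (100 + 10 * (k % 4))

# Constructed data, not measurements from the paper.
BASELINE = [mix(k) for k in range(12)]
OBSERVED = [
    mix(5),                         # ordinary window
    mix(5) + list(range(1, 2001)),  # many ports seen once each: entropy rises
    mix(5) + [80] * 20000,          # traffic concentrated on one port: entropy collapses
]

if __name__ == "__main__":
    mu, sigma = fit_baseline(BASELINE)
    print(f"mu={mu:.4f} sigma={sigma:.4f} expected coverage at n=3: {coverage(3):.4f}")
    for i, h in detect(OBSERVED, mu, sigma):
        print(f"window {i}: entropy {h:.4f} outside the 3-sigma band")
```

Because the coverage of the band depends only on n, the expected false-alarm rate on normal traffic is fixed by the choice of n alone, which is what lets the same threshold rule be reused after μ and σ are re-estimated.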