Entropy-based anomaly detection method for education network
基于信息熵理论的教育网异常流量发现*

To solve the problems of low efficiency and weak detecting ability in limited anomaly types of traditional network traffic detection method, this paper gave a new method that used seven indices to mine the netflow data from routers on the backstone network with applying the slipping window-based algorithm for detecting the bursts of the entropy stream in order to discover anomalies. In the meantime, presented correlativity of these entropy indices, according to it, sorted these entropy indices into four classes which had the extremely similary detection range. The experiment results illustrate that compared to the traditional traffic, this new method is more useful and accurate.