An Improved Anomaly Detection Method Based on Entropy Analysis for Large Scale Network Using Data Stream Technique
Entropy-based approaches to anomaly detection are appealing because they provide more fine-grained insight than traditional traffic-volume analysis. While previous work has demonstrated the benefits of entropy-based anomaly detection, little effort has gone into making entropy analysis efficient on large-scale, high-speed networks. As the number of NetFlow records grows, entropy analysis consumes unacceptable amounts of time and storage space. In this paper, the authors apply data stream techniques to entropy-based anomaly detection: a filter is designed to reduce the number of NetFlow records that must be processed, and a synopsis structure is used to reduce the storage space needed for the entropy analysis results.
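As an added illustration that is not the paper's own method (its filter and synopsis designs are not reproduced here), the following Python computes per-window Shannon entropy of NetFlow fields over a constructed flow sample and keeps only a bounded ring of past entropy values as the synopsis; the window size, field encoding and deviation threshold are assumptions.

```python
import math
from collections import Counter, deque

SRC_IP, DST_PORT = 0, 1  # assumed field indices into a (src_ip, dst_port) tuple

# Constructed NetFlow-style records for illustration: (window, src_ip, dst_port).
# Windows 0-3 are balanced baseline traffic; window 4 has one source touching
# eight distinct ports, the footprint a port scan leaves in flow data.
FLOWS = [
    (w, ip, port)
    for w in range(4)
    for ip in ("10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4")
    for port in (80, 443)
] + [(4, "10.0.0.9", port) for port in (21, 22, 23, 25, 80, 110, 143, 443)]


def shannon_entropy(counts):
    """Entropy in bits of the empirical distribution held in a Counter."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values() if c)


def window_entropies(flows, field):
    """Per-window entropy of one flow field, keyed by window id (sorted)."""
    per_window = {}
    for w, src_ip, dst_port in flows:
        per_window.setdefault(w, Counter())[(src_ip, dst_port)[field]] += 1
    return {w: shannon_entropy(c) for w, c in sorted(per_window.items())}


class EntropySynopsis:
    """Fixed-size ring of past entropy values. Only one float per window is
    retained, not the full value distribution, so memory is bounded by size."""

    def __init__(self, size=16):
        self.ring = deque(maxlen=size)

    def push(self, h):
        self.ring.append(h)

    def is_anomalous(self, h, threshold=1.0):
        """True if h deviates from the ring's mean by more than threshold bits."""
        if not self.ring:
            return False  # no history yet: cannot judge the first window
        mean = sum(self.ring) / len(self.ring)
        return abs(h - mean) > threshold


def detect(flows, field, threshold=1.0):
    """Return the window ids whose entropy for `field` deviates from recent history."""
    syn, flagged = EntropySynopsis(), []
    for w, h in window_entropies(flows, field).items():
        if syn.is_anomalous(h, threshold):
            flagged.append(w)
        syn.push(h)
    return flagged
```

Source-IP entropy collapses to 0 bits in window 4 while destination-port entropy rises to 3 bits, so both fields flag the same window against a 2-bit baseline.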