Multi-Scale Entropy and Renyi Cross Entropy Based Traffic Anomaly Detection

Executive Summary

The idea of using entropy measurement to detect anomalies is not a novelty in the research community. But all these entropy-based approaches are single-scale based "Complexity" methods, and don't consider temporal and spatial correlation in network traffic. In this paper, Multi-Scale Entropy (MSE) and Renyi cross entropy are introduced to solve these problems. First, a kind of Port-to-Port traffic termed IF-flow in router is defined. Internal traffic matrix can be constructed by IF-flows. Then a new scheme based on MSE and Renyi cross entropy is proposed to detect traffic anomaly existed in IF-flow matrix. MSE is used to detect IF-flow traces in time scales.

