Science & Engineering Research Support soCiety (SERSC)
Detecting anomalous traffic from NetFlow data is an important problem in the field of network security. In this paper, the authors propose an approach based on the MapReduce model that observes the entropy and DFN (Distinct Feature Number) distribution deviations of traffic features under anomalies at small time scales. MapReduce is used to process huge amounts of data with the aid of a computer cluster. Experimental results show the effectiveness of the proposed approach.
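The following is an added sketch of the idea the abstract describes, not code from the paper: a map step keys each flow feature by time window, and a reduce step computes that window's entropy and DFN. The window length, the feature set, the baseline comparison and the flow records are all assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

WINDOW = 10  # seconds per time bin (assumed value)
FEATURES = ("src_ip", "dst_ip", "dst_port")  # assumed feature set

# Constructed flow records: (start_time_s, src_ip, dst_ip, dst_port).
# Window 0 is ordinary client traffic; window 1 is one source sweeping ports.
FLOWS = [
    (1, "10.0.0.1", "192.0.2.10", 80),
    (3, "10.0.0.2", "192.0.2.10", 443),
    (5, "10.0.0.3", "192.0.2.11", 80),
    (8, "10.0.0.4", "192.0.2.11", 443),
] + [(10 + i, "10.0.0.9", "192.0.2.10", 20 + i) for i in range(8)]

def map_flow(flow):
    """Map: emit ((window, feature), value) once per feature of a flow."""
    ts, *values = flow
    for name, value in zip(FEATURES, values):
        yield (ts // WINDOW, name), value

def reduce_values(values):
    """Reduce: Shannon entropy in bits and distinct feature number (DFN)."""
    counts = Counter(values)
    total = sum(counts.values())
    entropy = -sum(c / total * math.log2(c / total) for c in counts.values())
    return entropy + 0.0, len(counts)  # + 0.0 turns -0.0 into 0.0

def run(flows):
    """Single-process stand-in for the cluster: map, shuffle by key, reduce."""
    groups = defaultdict(list)
    for flow in flows:
        for key, value in map_flow(flow):
            groups[key].append(value)
    return {key: reduce_values(vals) for key, vals in groups.items()}

def deviations(stats, baseline_window=0):
    """Entropy and DFN change of each window against a baseline window."""
    return {
        (w, f): (h - stats[(baseline_window, f)][0],
                 n - stats[(baseline_window, f)][1])
        for (w, f), (h, n) in stats.items()
    }

if __name__ == "__main__":
    for key, delta in sorted(deviations(run(FLOWS)).items()):
        print(key, delta)
```

In the constructed data the sweep window shows source-address entropy collapsing while destination-port entropy and DFN rise together, which is the kind of joint deviation such a detector keys on.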