At the present time, most existing network traffic supervision systems just focus on the traffic volume, which leads to a wealth of information contained in this data source being not mined well. In view of this situation, this paper utilizes entropy to capture the distribution change of network traffic feature parameters such as source IP, destination IP and destination port, and analyses the network traffic from this point of view. The method which adopts the change of the network traffic feature parameters distribution to discover anomalies is different from previous methods which pay more attention to the volume of the traffic. By using this method, we can capture the microscopical anomalies. Finally, we use this method to implement such a supervision system and the experimental result shows that the system pattern which analyzes both volume and feature parameters distribution of traffic has a higher detecting rate and lower false rate.
展开▼
