Self-adaptive Threshold Traffic Anomaly Detection Based on varphi-Entropy and the Improved EWMA Model

摘要

Information entropy is an important method for network traffic anomaly detection. Φ-Entropy is a kind of information entropy which has better performance than Shannon Entropy and Rényi Entropy. In this paper, we correct some flaws in Φ-Entropy and use Φ-Entropy to describe the correlation between network traffic. Most of traffic anomaly detection algorithms use a fixed threshold for anomaly judgment, but these methods cannot keep a high detection accuracy in numerous cases. Aiming at this problem, this paper proposes a method to generate a self-adaptive threshold based on the improved Exponentially Weighted Moving Average (EWMA) model. The method predicts the value of Φ-Entropy at the next moment and further generate the threshold. Results of simulation and experiment show that the algorithm can effectively detect abnormal network traffic.