Renyi entropy-driven network traffic anomaly detection with dynamic threshold
Abstract: Network traffic anomaly detection is a critical issue in network security. Existing abnormal traffic detection methods rely on statistical-based or anomaly-based approaches, and these detection methods all require a full understanding of traffic characteristics and attack patterns. Informat...
Main Authors: | Haoran Yu, Wenchuan Yang, Baojiang Cui, Runqi Sui, Xuedong Wu |
---|---|
Format: | Article |
Language: | English |
Published: | SpringerOpen, 2024-12-01 |
Series: | Cybersecurity |
Subjects: | Renyi entropy; Network traffic; Anomaly detection |
Online Access: | https://doi.org/10.1186/s42400-024-00249-1 |
_version_ | 1846136972485066752 |
---|---|
author | Haoran Yu, Wenchuan Yang, Baojiang Cui, Runqi Sui, Xuedong Wu |
collection | DOAJ |
description | Abstract: Network traffic anomaly detection is a critical issue in network security. Existing abnormal traffic detection methods rely on statistical-based or anomaly-based approaches, and these detection methods all require a full understanding of traffic characteristics and attack patterns. Information entropy has been widely studied in abnormal traffic detection because it can describe the distribution characteristics of network traffic. However, this method makes it difficult to cope with the timing and variability of network traffic. To address these challenges, this paper proposes a network traffic anomaly detection method based on Renyi entropy. Simultaneously, we introduce a fixed time window and utilize an improved EWMA model within this window to dynamically set thresholds for anomaly detection. Experimental results show that the method proposed in this paper is superior to popular abnormal traffic detection methods in terms of effectiveness and efficiency; it is better adapted to the dynamic changes of network traffic and provides a more reliable solution for anomaly detection. |
format | Article |
id | doaj-art-3b95342bea9048e58cb3e00a4a3e56e6 |
institution | Kabale University |
issn | 2523-3246 |
language | English |
publishDate | 2024-12-01 |
publisher | SpringerOpen |
record_format | Article |
series | Cybersecurity |
spelling | doaj-art-3b95342bea9048e58cb3e00a4a3e56e6; 2024-12-08T12:34:23Z; eng. Haoran Yu, Wenchuan Yang, Baojiang Cui, Runqi Sui, Xuedong Wu (all: School of Cyberspace Security, Beijing University of Posts and Telecommunications). Renyi entropy-driven network traffic anomaly detection with dynamic threshold. Cybersecurity (SpringerOpen, ISSN 2523-3246), 2024-12-01, vol. 7, no. 1, pp. 1-13. https://doi.org/10.1186/s42400-024-00249-1. Keywords: Renyi entropy; Network traffic; Anomaly detection |
title | Renyi entropy-driven network traffic anomaly detection with dynamic threshold |
topic | Renyi entropy; Network traffic; Anomaly detection |
url | https://doi.org/10.1186/s42400-024-00249-1 |