| 摘要 |
A method for detecting network traffic anomalies by using destination network distribution entropy is provided to calculate probability distribution based on a destination IP(Internet Protocol) address within head information of an IP packet coming from an external Internet into an internal intranet, and detecting the anomalies by calculating the entropy from the probability distribution. A method for detecting network traffic anomalies by using destination network distribution entropy comprises the following steps of: calculating entropy of traffics flowed into an intranet(103) through a board router(102) for connecting an external Internet(101) to the internal Internet(103); and determining the anomalies by comparing the calculated entropy of the traffics with pre-stored average entropy. In the above first step, the entropy of the traffics, flowed into from the external Internet(101) to the internal intranet(103), is calculated based on probability distribution by network IDs(Identification) existing on the intranet(103).
|
