Abstract
An IP state-vector manager determines a state vector value by updating the token numbers of an IP state vector according to the source and destination IP addresses of the received packet, and obtains the state number of the state vector value by counting the state vector value. A port-number state-vector manager determines a state vector value by updating the token numbers of a port-number state vector according to the source and destination token numbers of the packet, and obtains the state number of the state vector value by counting the state vector value. An entropy calculator calculates entropies related to the IP address and the port number, based on the number and the state number of the state vector values related to the IP state vector and the port-number state vector. An anomalous event determiner determines whether there is an anomalous event in the network based on the calculated entropies. Anomalous events can thus be detected efficiently, with minimized false negative and false positive rates.
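The pipeline described above (state vector values, their counts, two entropies, a decision), as an added sketch that is not taken from the patent. The token assignment rule, the use of Shannon entropy, the baseline-and-tolerance decision rule, and all function and field names are assumptions made for illustration.

```python
import math
from collections import Counter

def state_values(packets, fields):
    # Assumption: a token number is the order in which a distinct address or
    # port first appears in the window; a state vector value is the tuple of
    # token numbers for the packet's source and destination fields.
    tokens, values = {}, []
    for pkt in packets:
        values.append(tuple(tokens.setdefault(pkt[f], len(tokens)) for f in fields))
    return values

def entropy(values):
    # Counter gives the "state number" (occurrence count) of each value;
    # Shannon entropy in bits is an assumed choice of entropy measure.
    counts, total = Counter(values), len(values)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def detect(packets, baseline, tolerance=1.0):
    # Assumed decision rule: flag the window when either entropy moves more
    # than `tolerance` bits away from a baseline taken from known-good traffic.
    h_ip = entropy(state_values(packets, ("src_ip", "dst_ip")))
    h_port = entropy(state_values(packets, ("src_port", "dst_port")))
    anomalous = (abs(h_ip - baseline[0]) > tolerance
                 or abs(h_port - baseline[1]) > tolerance)
    return h_ip, h_port, anomalous

def pkt(src_ip, dst_ip, src_port, dst_port):
    return {"src_ip": src_ip, "dst_ip": dst_ip,
            "src_port": src_port, "dst_port": dst_port}

# Constructed sample windows (not captured traffic).
# NORMAL: four clients, one server port. SKEWED: one host pair, 16 ports.
NORMAL = [pkt(f"10.0.0.{i % 4 + 1}", "10.0.1.10", 40000 + i % 4, 443)
          for i in range(16)]
SKEWED = [pkt("10.0.0.9", "10.0.1.10", 50000, 1 + i) for i in range(16)]
BASELINE = (2.0, 2.0)  # IP and port entropies of the NORMAL window

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("skewed", SKEWED)):
        print(name, detect(window, BASELINE))
```

In the skewed window the IP entropy collapses while the port entropy rises, which is why tracking both vectors separates it from the normal window.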