Title :
Mining network traffic anomaly based on adjustable piecewise entropy
Author :
Geng Tian;Zhiliang Wang;Xia Yin;Zimu Li;Xingang Shi;Ziyi Lu;Chao Zhou;Yang Yu;Yingya Guo
Author_Institution :
Tsinghua National Laboratory for Information Science and Technology (TNList)
Date :
6/1/2015 12:00:00 AM
Abstract :
Today, network traffic anomaly detection is very challenging in a big and constantly changing network, because millions of flows are being transferred in a network at the same time, and the flow numbers change all the time. Although traditional information entropy has been proven to be an effective metric for network traffic anomaly detection, such a metric shows some limitations in large-scale networks with constantly changing flow numbers, which makes the traditional entropy inefficient for traffic anomaly detection. Another challenge is how to process large-scale traffic data in a scalable way. In this paper, we propose Adjustable Piecewise Entropy for traffic anomaly detection, and implement Adjustable Piecewise Shannon entropy on the Hadoop platform with a cluster of five servers in the Tsinghua University Campus Network. Furthermore, we analyze and validate Adjustable Piecewise Entropy both mathematically and experimentally. The experimental results show that Adjustable Piecewise Entropy has better performance for traffic anomaly detection.
Keywords :
"Entropy","Measurement","Ports (Computers)","Computer crime","IP networks","Feature extraction","Information entropy"
Conference_Title :
Quality of Service (IWQoS), 2015 IEEE 23rd International Symposium on
DOI :
10.1109/IWQoS.2015.7404749