Abnormal Traffic Situation Awareness Model Based on Information Entropy

This paper proposed a situation awareness model about network abnormal traffic based on information entropy to deal with large quantities of abnormal network traffic produced by DDos and worm-attack. It examines ISP POPs traffic characteristics with distributed information entropy algorithm, distracts the memory and calculation consumption from one point to each point, and adds association analysis engine to collect and analyze the alarm. Experimental results show that the model possesses good detection capability and space-time performance for the abnormal traffic in low-rate and high-rate situations.