Research of Applying Information Entropy and Clustering Technique on Network Traffic Analysis

At the present time, most existing network traffic analysis techniques just focus on the traffic volume. But the fact is that most typical network behavior like DoS, port scan and network scan, etc, also induce some feather parameter distribution of network traffic changed usually. In view of this characteristic, this paper proposes a non-supervised analysis technique for network traffic by introducing information entropy and clustering. This analysis technique partitions the unlabeled traffic data into different clusters based on the comparability by analyzing the distribution of some traffic feather parameters. Then it can make sure the network behavior and the host machine that the corresponding behavior happened on by analysis the mode of cluster further.The experimental result indicates that it can help user know the state of network traffic from the parameter distribution and get good effect in distinguishing anomaly by using this technique to analyze network traffic. So it shows that introducing the entropy and clustering can help managers comprehend the changes of traffic state more comprehensive and find out some baleful network behavior.