• DocumentCode
    2876244
  • Title

    Network Anomaly Detection Using Random Forests and Entropy of Traffic Features

  • Author

    Dong Yao ; Meijuan Yin ; Junyong Luo ; Silong Zhang

  • fYear
    2012
  • fDate
    2-4 Nov. 2012
  • Firstpage
    926
  • Lastpage
    929
  • Abstract
    Tracking changes in traffic feature distributions and using them to classify traffic with different behavior is very important in the domain of network anomaly detection. Shannon entropy can be used to find changes in the normal distribution of network traffic to identify anomalies. Standardized entropy provides a measure of uniformity and randomness on a common baseline for vectors or variables in different sample spaces. Random Forests is a machine learning classification algorithm. It is best suited for the analysis of complex or distribution-imbalanced data structures embedded in small to moderate data sets. Anomalous traffic always occupies a small proportion of the whole network traffic. We therefore employed a combination of an entropy measure and Random Forests classification to detect anomalies in network traffic. Our results demonstrate that the new technique shows great promise in traffic anomaly detection.
  • Keywords
    computer network security; entropy; learning (artificial intelligence); normal distribution; pattern classification; set theory; telecommunication traffic; vectors; Shannon entropy; anomaly identification; distribution-imbalanced data structures analysis; machine learning classification algorithm; network anomaly detection; normal distribution; random forest classification; randomicity measure; standardized entropy; traffic classification; traffic feature distribution; traffic feature entropy; uniformity measure; Classification algorithms; Entropy; Telecommunication traffic; Training; Vectors; Vegetation; Random Forests; anomaly detection; entropy;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Multimedia Information Networking and Security (MINES), 2012 Fourth International Conference on
  • Conference_Location
    Nanjing
  • Print_ISBN
    978-1-4673-3093-0
  • Type

    conf

  • DOI
    10.1109/MINES.2012.146
  • Filename
    6405837