Abstract:
The detection of significant events in heterogeneous networks, such as DDoS attacks, presents a challenge, both because of the diversity and unpredictable nature of events, and because the “normal” background traffic often varies quite naturally. Conventional approaches for detection of such events usually involve either monitoring for specific event signatures, or a statistical approach, which usually requires monitoring a large number of statistical features. In recent years, several papers have proposed the use of entropy- and complexity-based measures as a viable alternative. The present paper argues that T-entropy is a suitable measure in this sense and provides some experimental evidence in support.