摘要： 多数现有网络流量监测系统只关注流量大小，没有分析流量内部信息。该文利用熵来衡量源IP地址、目的IP地址、目的端口等流量特征参数的分布变化，从特征分布的角度对网络流量进行分析。采用该方法实现一个流量监测系统，实验结果证明，该系统具有较高检测率和较低误报率。

关键词: 流量监测, 特征分布, 熵

Abstract: Most existing network traffic supervision systems focus on the volume of traffic, and do not analyze information contained in these data. This paper utilizes entropy to capture the change of network traffic feature distribution, such as source IP address, target IP address, target port, and analyzes network traffic from the standpoint of feature distribution. It implements a supervision system by using this method. Experimental results show that this system has a higher detecting rate and a lower fault rate.

Key words: traffic supervision, feature distribution, entropy

中图分类号: 

• TP393.07