Cluster Computing

, Volume 22, Supplement 4, pp 8309–8317 | Cite as

Anomaly network traffic detection algorithm based on information entropy measurement under the cloud computing environment

  • Chen YangEmail author


In recent years, there are more and more abnormal activities in the network, which greatly threaten network security. Hence, it is of great importance to collect the data which indicate the running statement of the network, and distinguish the anomaly phenomena of the network in time. In this paper, we propose a novel anomaly network traffic detection algorithm under the cloud computing environment. Firstly, the framework of the anomaly network traffic detection system is illustrated, and six type of network traffic features are consider in this work, that is, (1) number of source IP address, (2) number of source port number, (3) number of destination IP address, (4) number of destination port number, (5) Number of packet type, and (6) number of network packets. Secondly, we propose a novel hybrid information entropy and SVM model to tackle the proposed problem by normalizing values of network features and exploiting SVM detect anomaly network behaviors. Finally, experimental results demonstrate that the proposed algorithm can detect anomaly network traffic with high accuracy and it can also be used in the large scale dataset.


Anomaly network traffic detection Information entropy measurement Cloud computing Support vector machine Quantum behaved particle swarm optimization 



The authors are very thankful to the editors and anonymous reviewers for providing very thoughtful comments which have lead to an improved version of this paper. This work was supported by the Natural Science Foundation of China (No. 61572033) and also supported by General program of humanistic and social science research in Anhui provincial higher education promotion plan (TSSK2016B27); 2017 General topic capital of online educational research fund by online education research center of Department of Education(2017YB101) and Key topics of national education information technology research(176120003).


  1. 1.
    Jiang, D.D., Xu, Z.Z., Zhang, P., Zhu, T.: A transform domain-based anomaly detection approach to network-wide traffic. J. Netw. Comput. Appl. 40, 292–306 (2014)CrossRefGoogle Scholar
  2. 2.
    Zheng, L.M., Zou, P., Jia, Y., Han, W.H.: Traffic anomaly detection in backbone networks using classification of multidimensional time series of entropy. China Commun. 9(7), 108–120 (2012)Google Scholar
  3. 3.
    Qian, Y.G., Wu, C.M., Yang, Q., Wang, B.: Network traffic anomaly detection based on maximum entropy model. Chin. J. Electron. 21(3), 579–582 (2012)Google Scholar
  4. 4.
    Choras, M., Saganowski, L., Renk, R., Holubowicz, W.: Statistical and signal-based network traffic recognition for anomaly detection. Expert Syst. 29(3), 232–245 (2012)CrossRefGoogle Scholar
  5. 5.
    Catania, C.A., Bromberg, F., Garino, C.G.: An autonomous labeling approach to support vector machines algorithms for network traffic anomaly detection. Expert Syst. Appl. 39(2), 1822–1829 (2012)CrossRefGoogle Scholar
  6. 6.
    Callegari, C., Giordano, S., Pagano, M., Pepe, T.: Detecting anomalies in backbone network traffic: a performance comparison among several change detection methods. Int. J. Sens. Netw. 11(4), 205–214 (2012)CrossRefGoogle Scholar
  7. 7.
    Simmross-Wattenberg, F., Asensio-Perez, J.I., Casaseca-de-la-Higuera, P., Martin-Fernandez, M., Dimitriadis, I.A., Alberola-Lopez, C.: Anomaly detection in network traffic based on statistical inference and alpha-stable modeling. IEEE Trans. Dependable Secure Comput. 8(4), 494–509 (2011)CrossRefGoogle Scholar
  8. 8.
    Xiong, W., Hu, H.P., Xiong, N.X., Yang, L.T., Peng, W.C., Wang, X.F., Qu, Y.Z.: Anomaly secure detection methods by analyzing dynamic characteristics of the network traffic in cloud communication? Inf. Sci. 258, 403–415 (2014)CrossRefGoogle Scholar
  9. 9.
    Zhang, J., Zhang, Z.F., Guo, H.: Towards secure data distribution systems in mobile cloud computing. IEEE Trans. Mob. Comput. 16(11), 3222–3235 (2017)CrossRefGoogle Scholar
  10. 10.
    Stergiou, C., Psannis, K.E.: Efficient and secure BIG data delivery in cloud computing. Multimedia Tools Appl. 76(21), 22803–22822 (2017)CrossRefGoogle Scholar
  11. 11.
    Priyadarshinee, P., Raut, R.D., Jha, M.K., Gardas, B.B.: Understanding and predicting the determinants of cloud computing adoption: a two staged hybrid SEM—neural networks approach. Comput. Hum. Behav. 76, 341–362 (2017)CrossRefGoogle Scholar
  12. 12.
    Parthasarathy, S., Venkateswaran, C.J.: Scheduling jobs using oppositional-GSO algorithm in cloud computing environment. Wireless Netw. 23(8), 2335–2345 (2017)CrossRefGoogle Scholar
  13. 13.
    Cheng, L., Tachmazidis, I., Kotoulas, S., Antoniou, G.: Design and evaluation of small-large outer joins in cloud computing environments. J. Parallel Distrib. Comput. 110, 2–15 (2017)CrossRefGoogle Scholar
  14. 14.
    Nie, L.S., Jiang, D.D., Lv, Z.H.: Modeling network traffic for traffic matrix estimation and anomaly detection based on Bayesian network in cloud computing networks. Ann. Telecommun. 72(5–6), 297–305 (2017)CrossRefGoogle Scholar
  15. 15.
    Bang, J.H., Cho, Y.J., Kang, K.: Anomaly detection of network-initiated LTE signaling traffic in wireless sensor and actuator networks based on a Hidden semi-Markov Model. Comput. Secur. 65, 108–120 (2017)CrossRefGoogle Scholar
  16. 16.
    AsSadhan, B., Zeb, K., Al-Muhtadi, J., Alshebeili, S.: Anomaly detection based on LRD behavior analysis of decomposed control and data planes network traffic using SOSS and FARIMA Models. IEEE Access 5, 13501–13519 (2017)CrossRefGoogle Scholar
  17. 17.
    Zhang, Z.H., He, Q., Tong, H.H., Gou, J.Z., Li, X.L.: Spatial-temporal traffic flow pattern identification and anomaly detection with dictionary-based compression theory in a large-scale urban network. Transp. Res. Part C 71, 284–302 (2016)CrossRefGoogle Scholar
  18. 18.
    Kasai, H., Kellerer, W., Kleinsteuber, M.: Network volume anomaly detection and identification in large-scale networks based on online time-structured traffic tensor tracking. IEEE Trans. Netw. Serv. Manage. 13(3), 636–650 (2016)CrossRefGoogle Scholar
  19. 19.
    Jiang, D.D., Yuan, Z., Zhang, P., Miao, L., Zhu, T.: A traffic anomaly detection approach in communication networks for applications of multimedia medical devices. Multimedia Tools Appl. 75(22), 14281–14305 (2016)CrossRefGoogle Scholar
  20. 20.
    Ding, M.M., Tian, H.: PCA-based network traffic anomaly detection. Tsinghua Sci. Technol. 21(5), 500–509 (2016)CrossRefGoogle Scholar
  21. 21.
    Derhab, A., Bouras, A.: Lightweight anomaly-based intrusion detection system for multi-feature traffic in wireless sensor networks. Ad Hoc Sens. Wireless Netw. 30(3–4), 201–217 (2016)Google Scholar
  22. 22.
    Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: A multi-step outlier-based anomaly detection approach to network-wide traffic. Inf. Sci. 348, 243–271 (2016)CrossRefGoogle Scholar
  23. 23.
    Zhang, J., Li, H.Z., Gao, Q.G., Wang, H., Luo, Y.L.: Detecting anomalies from big network traffic data using an adaptive detection approach. Inf. Sci. 318, 91–110 (2015)MathSciNetCrossRefGoogle Scholar
  24. 24.
    Santiago-Paz, J., Torres-Roman, D., Figueroa-Ypina, A., Argaez-Xool, J.: Using generalized entropies and OC-SVM with Mahalanobis kernel for detection and classification of anomalies in network traffic. Entropy 17(9), 6239–6257 (2015)MathSciNetCrossRefGoogle Scholar
  25. 25.
    Jiang, D.D., Yao, C., Xu, Z.Z., Qin, W.D.: Multi-scale anomaly detection for high-speed network traffic. Trans. Emerg. Telecommun. Technol. 26(3), 308–317 (2015)CrossRefGoogle Scholar
  26. 26.
    Iglesias, F., Zseby, T.: Analysis of network traffic features for anomaly detection. Mach. Learn. 101(1–3), 59–84 (2015)MathSciNetCrossRefGoogle Scholar
  27. 27.
    Yuan, J., Yuan, R.X., Chen, X.: Network anomaly detection based on multi-scale dynamic characteristics of traffic. Int. J. Comput. Commun. Control 9(1), 101–112 (2014)CrossRefGoogle Scholar
  28. 28.
    Bay, S., Schwabacher, M.: Mining distance-based outliers in near linear time with randomization and a simple pruning rule. In: Proceedings of the 9th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 29–38 (2003)Google Scholar
  29. 29.
    Breunig, M. M., Kriegel, H. -P., Ng, R. T., Sander, J.: LOF: identifying density-based local outliers. In: Proceedings of the ACM SIGMOD International Conference on Management of Data, 386–395 (2000)Google Scholar
  30. 30.
    Pei, Y., Zaiane, O. R., Gao, Y.: An efficient reference-based approach to outlier detection in large datasets. In: Proceedings of the 6th International Conference on Data Mining, IEEE, USA, 478–487 (2006)Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Modern education technology centerAnhui Polytechnic UniversityAnhuiChina

Personalised recommendations