1. Field of the Invention
The present invention relates to an apparatus and method for detecting anomalous traffic, and more particularly, to an apparatus and method for detecting anomalous traffic based on entropy of network traffic.
2. Discussion of Related Art
The development of network technology has also brought attacks that target large-scale networks, such as distributed denial-of-service attacks and worm viruses, which can cause serious social problems. One method suggested for detecting a network attack that targets a large-scale network uses a traffic characteristics analysis technique to observe a change in the number of packets or the number of bytes and thereby detect anomalous traffic.
However, the conventional method for detecting anomalous traffic, which depends merely on the change in traffic volume, has a high false alarm rate. For example, it fails to detect network attacks that cause only an insignificant change in volume, or it classifies an excessive data flow in normal traffic as anomalous traffic.
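The two failure modes described above can be reproduced on constructed data. The following is an added example, not part of the original document: it compares a volume threshold with a check on the Shannon entropy of destination addresses. The choice of destination address as the entropy feature, both thresholds, and all traffic windows are assumptions made for illustration.

```python
import math
from collections import Counter

def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def normal_traffic(n_packets, n_dests=20):
    """Constructed normal window: packets spread evenly over a few servers."""
    return [f"198.51.100.{i % n_dests}" for i in range(n_packets)]

def scan_traffic(n_packets):
    """Constructed scan-like traffic: every packet goes to a different address."""
    return [f"192.0.2.{i}" for i in range(n_packets)]

def volume_alarm(window, baseline_count, ratio=1.5):
    """Conventional check: alarm when the packet count exceeds ratio x baseline."""
    return len(window) > ratio * baseline_count

def entropy_alarm(window, baseline_entropy, max_dev=0.5):
    """Assumed entropy check: alarm when entropy moves more than max_dev bits."""
    return abs(shannon_entropy(window) - baseline_entropy) > max_dev

def evaluate():
    """Return {window name: (volume_alarm, entropy_alarm)} for three test windows."""
    baseline = [normal_traffic(n) for n in (980, 1000, 1020, 1010, 990)]
    base_count = sum(len(w) for w in baseline) / len(baseline)
    base_h = sum(shannon_entropy(w) for w in baseline) / len(baseline)
    windows = {
        "normal": normal_traffic(1000),
        # 10% more packets than normal, but spread over 100 new destinations
        "low_volume_scan": normal_traffic(1000) + scan_traffic(100),
        # three times the normal load, same destination mix as normal traffic
        "flash_crowd": normal_traffic(3000),
    }
    return {name: (volume_alarm(w, base_count), entropy_alarm(w, base_h))
            for name, w in windows.items()}

if __name__ == "__main__":
    for name, (vol, ent) in evaluate().items():
        print(f"{name:16s} volume_alarm={vol!s:5s} entropy_alarm={ent}")
```

The volume check misses the scan window and raises an alarm on the flash crowd, while the entropy of the destination distribution shifts only for the scan window.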