Analysis of flow-based anomaly detection using Shannon’s entropy

Modern networks have to provide protection from many threats that exist online. There is a trend of growing network attacks, both in type and scope. Today, one of the most dangerous attacks is botnet. Early detection is crucial for minimizing the effect that malicious attacks can cause. One of the methods that gained a lot of attention is entropy-based anomaly detection using NetFlow data. In this paper, we examined detection performances of this method using additional features calculated from the second degree aggregation.