METHOD FOR COMPUTER NETWORK TRAFFIC ANALYSIS BASED ON ENTROPY CHARACTERISTICS AND MULTIVARIATE MATHEMATICAL STATISTICS

DOI:

https://doi.org/10.31891/csit-2026-2-1

Keywords:

computer networks, network traffic, traffic analysis, entropy characteristics, multivariate mathematical statistics, anomaly detection, Hotelling criterion, network monitoring

Abstract

Modern computer networks generate traffic whose behaviour changes over time not only in volume but also in internal structure. Because of this, anomaly detection cannot be reduced to fixed thresholds on separate metrics; it must account for changes in address, port, and protocol distributions together with the joint variation of interrelated traffic descriptors.

This paper presents a method for computer network traffic analysis based on entropy characteristics and multivariate mathematical statistics. The method transforms packet or flow observations collected within a time window into a state vector that combines entropy measures of categorical traffic attributes with volumetric, dispersion, and flow descriptors.

The proposed approach includes formalization of the traffic analysis process, construction of an informative feature system, a multivariate model of normal traffic states, and a structural model of the detection procedure. Algorithmic implementation is organized as a sequence of window formation, empirical distribution estimation, entropy computation, standardization, principal component transformation, multivariate statistical control, and interpretation of feature contributions.

The paper also outlines a methodology for evaluating the developed method in terms of detection quality, robustness to parameter settings, sensitivity to structural changes, and interpretability of monitoring decisions. The resulting framework is intended for traffic monitoring tasks in which payload-independent analysis and adaptation to non-stationary network behaviour are required.
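The sequence of steps named in the abstract (window formation, empirical distribution estimation, entropy computation, multivariate statistical control, feature contributions) can be sketched as follows. This is an added example, not the authors' implementation: the three-feature state vector, the constructed flow records, the function names and the additive contribution split are assumptions. Standardization and the principal component step are omitted because T² is unchanged by them when all components are retained.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy in bits of the empirical distribution of one attribute."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def state_vector(window):
    """One time window of (src, dst_port) flows -> [H(src), H(port), flow count]."""
    return [entropy([s for s, _ in window]), entropy([p for _, p in window]),
            float(len(window))]

def fit(baseline):
    """Mean vector and sample covariance matrix of the normal-state vectors."""
    n, p = len(baseline), len(baseline[0])
    mu = [sum(x[j] for x in baseline) / n for j in range(p)]
    cov = [[sum((x[i] - mu[i]) * (x[j] - mu[j]) for x in baseline) / (n - 1)
            for j in range(p)] for i in range(p)]
    return mu, cov

def solve(a, b):
    """Solve a*y = b by Gauss-Jordan elimination with partial pivoting."""
    k = len(b)
    m = [row[:] + [v] for row, v in zip(a, b)]
    for c in range(k):
        piv = max(range(c, k), key=lambda r: abs(m[r][c]))
        m[c], m[piv] = m[piv], m[c]
        for r in range(k):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [u - f * v for u, v in zip(m[r], m[c])]
    return [m[i][k] / m[i][i] for i in range(k)]

def t2(x, mu, cov):
    """Hotelling T^2 of one window and per-feature shares d_i*(S^-1 d)_i (sum to T^2)."""
    d = [a - b for a, b in zip(x, mu)]
    parts = [di * yi for di, yi in zip(d, solve(cov, d))]
    return sum(parts), parts

def flows(n_src, n_ports, n):  # constructed sample traffic, not real captures
    return [(f"10.0.0.{i % n_src}", 1024 + i % n_ports) for i in range(n)]

BASELINE = [state_vector(flows(*a)) for a in
            [(8, 4, 96), (10, 4, 100), (8, 5, 110), (9, 3, 90), (10, 5, 105), (7, 4, 98)]]
MU, COV = fit(BASELINE)
# Control limit p(n+1)(n-1)/(n(n-p)) * F(0.99; p, n-p); table value F(0.99; 3, 3) = 29.46
LIMIT = 3 * 7 * 5 / (6 * 3) * 29.46
SCAN = flows(8, 4, 100) + [("10.0.0.99", 2000 + i) for i in range(200)]  # one host, 200 ports
T2_SCAN, SHARES = t2(state_vector(SCAN), MU, COV)
```

The constructed scan window lowers source-address entropy, raises destination-port entropy and triples the flow count at once, so `T2_SCAN` lands far above `LIMIT` while every baseline window stays below it.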

Published

2026-05-31

How to Cite

ATAMANIUK, O., DUDNYK, V., & LYSENKO, N. (2026). METHOD FOR COMPUTER NETWORK TRAFFIC ANALYSIS BASED ON ENTROPY CHARACTERISTICS AND MULTIVARIATE MATHEMATICAL STATISTICS. Computer Systems and Information Technologies, (2), 8–16. https://doi.org/10.31891/csit-2026-2-1