Skip to main content
. 2021 Sep 12;21(18):6116. doi: 10.3390/s21186116

Table 2.

Analysis of the ability to classify attacks by our anomaly detection method.

Activity Type Entropy of Incoming Traffic Entropy of Outgoing Traffic Entropy of CPU Load Note
Normal operation no increases no increases no increases Received packets:
−1 < DLij < 1; −1 < DLji < 1
Sent packets:
−0.5 <DLij < 0.5; −0.5 <DLji <0.5
CPU load:
−0.02 < Dij < 0; 0 < Dji < 0.02
Payload in the normal range increases in the normal range Received packets:
−1 < DLij < 1; −1 < DLji < 1
Sent packets:
−0.5 < DLij < 0.5; −0.5 < DLji < 0.5
CPU load:
−0.02 < Dij < 0; 0 < Dji < 0.02
SYN flood attack significant increase significant increase significant increase Received packets:
0 < DLij < 1; 7 < DLji < 25
Sent packets:
10 < DLij < 400; −0.5 < DLji < 1
CPU load:
−0.01 < Dij < 0; 0 < Dji < 0.9
Deauthentication significant increase significant increase in the normal range Received packets:
0 < DLij < 20; −3 < DLji < 0
Sent packets:
0 < DLij < 40; −5 < DLji < 1
CPU load:
−0.06 < Dij < 0; 0 < Dji < 0.06