Table 2.
Activity Type | Entropy of Incoming Traffic | Entropy of Outgoing Traffic | Entropy of CPU Load | Note |
---|---|---|---|---|
Normal operation | no increases | no increases | no increases | Received packets: −1 < DLij < 1; −1 < DLji < 1 Sent packets: −0.5 < DLij < 0.5; −0.5 < DLji < 0.5 CPU load: −0.02 < Dij < 0; 0 < Dji < 0.02 |
Payload | in the normal range | increases | in the normal range | Received packets: −1 < DLij < 1; −1 < DLji < 1 Sent packets: −0.5 < DLij < 0.5; −0.5 < DLji < 0.5 CPU load: −0.02 < Dij < 0; 0 < Dji < 0.02 |
SYN flood attack | significant increase | significant increase | significant increase | Received packets: 0 < DLij < 1; 7 < DLji < 25 Sent packets: 10 < DLij < 400; −0.5 < DLji < 1 CPU load: −0.01 < Dij < 0; 0 < Dji < 0.9 |
Deauthentication | significant increase | significant increase | in the normal range | Received packets: 0 < DLij < 20; −3 < DLji < 0 Sent packets: 0 < DLij < 40; −5 < DLji < 1 CPU load: −0.06 < Dij < 0; 0 < Dji < 0.06 |