the relation of entropy to anomaly detection - what does entropy mean here? how does this work?

Aleksey Tsalolikhin Mon, 09 May 2011 22:53:11 -0700

Hi.  I see we have some classes for anomaly detection:

entropy_cfengine_in_low entropy_cfengine_out_low entropy_dns_in_low
entropy_dns_out_low entropy_ftp_in_low entropy_ftp_out_low
entropy_icmp_in_low entropy_icmp_out_low entropy_irc_in_low
entropy_irc_out_low entropy_misc_in_low entropy_misc_out_low
entropy_netbiosdgm_in_low entropy_netbiosdgm_out_low
entropy_netbiosns_in_low entropy_netbiosns_out_low
entropy_netbiosssn_in_low entropy_netbiosssn_out_low
entropy_nfsd_in_low entropy_nfsd_out_low entropy_smtp_in_low
entropy_smtp_out_low entropy_tcpack_in_low entropy_tcpack_out_low
entropy_tcpfin_in_low entropy_tcpfin_out_low entropy_tcpsyn_in_low
entropy_tcpsyn_out_low entropy_udp_in_low entropy_udp_out_low
entropy_www_in_low entropy_www_out_low entropy_wwws_in_low
entropy_wwws_out_low


What is entropy here and how it is computed?  Are both low and high
entropy "bad"?  Or is low entropy good, high entropy bad?
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine

the relation of entropy to anomaly detection - what does entropy mean here? how does this work?

Reply via email to