Computational Complexity of Anomaly Detection Methods

Broadband, Wireless Computing, Communication and Applications (2012)

Abstract
Among typical statistical anomaly detection methods, entropy-based and $\chi^2$-based methods have been studied and reported along with their performance against anomaly attacks. In this research, we compare the time complexity of our two proposed detection methods in order to evaluate the performance of our system. Our previous research has shown that the source IP address and destination port number are effective statistical variables for characterizing anomalous packets, which leads to correct detection. In this paper, we propose the EMMM method, based on the entropy value, and the CSDM method, based on the $\chi^2$ value, both using multiple statistical variables. The evaluation of the time complexity of the proposed methods was conducted using the source IP address, destination port number and packet arrival interval. We obtained the following results. First, the total time complexity of the EMMM method is $O(n)$ for $n$ total packets, and the time complexity for one window is $O(W)$. Second, the time complexity of CSDM for one window is $O(NW+Nm\log m)$.
Keywords
anomaly detection methods,destination port number,anomaly attack,computational complexity,proposed detection method,typical anomaly detection method,total time complexity,emmm method,csdm method,source ip address,time complexity,anomaly detection,entropy,chi square value,computer network security,statistical analysis