I have a dump file (CAP format) of a network traffic capture made with tcpdump on Ubuntu. Until a certain time, it is attack-free traffic. Then a series of TCP SYN flooding attacks begin. My goal is to calculate the entropy of each of the traffic moments (with and without attacks) and to compare them.
Do you know of any Python library that calculates the Shannon entropy of network traffic?
I found the following code, what do you think?
```python
import collections

import numpy as np

# Source IPs seen in one slice of the capture (sample data)
sample_ips = [
    "131.084.001.031",
    "131.084.001.031",
    "131.284.001.031",
    "131.284.001.031",
    "131.284.001.000",
]

# Count how often each source IP occurs
C = collections.Counter(sample_ips)
counts = np.array(list(C.values()), dtype=float)

# Relative frequency of each IP, then Shannon entropy in bits
prob = counts / counts.sum()
shannon_entropy = (-prob * np.log2(prob)).sum()
print(shannon_entropy)
```
Imagine that I had these IPs only in traffic collected at a certain time.
I would take several trades on different days to see how entropy behaves, thus having several different entropy values. What would be the best way to plot a graph using Python to check the behavior of entropy?
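
An added example, not part of the original post: the same entropy calculation applied per fixed time window to the source IPs of bare SYN packets, so attack-free and flood periods can be compared on one time axis. The `(timestamp, src_ip, flags)` tuple layout, the 10-second window, the 1-bit shift threshold and the capture data are all assumptions constructed for illustration.

```python
import math
import random
from collections import Counter, defaultdict

def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def syn_entropy_per_window(packets, window=10.0, min_syns=20):
    """packets: (timestamp, src_ip, tcp_flags). Returns [(window_start, n_syn, H)]."""
    buckets = defaultdict(list)
    for ts, src, flags in packets:
        if flags == "S":                      # bare SYN, i.e. a new connection attempt
            buckets[int(ts // window)].append(src)
    rows = []
    for idx in sorted(buckets):
        srcs = buckets[idx]
        if len(srcs) >= min_syns:             # skip windows too small to estimate from
            rows.append((idx * window, len(srcs), shannon_entropy(srcs)))
    return rows

def flag_windows(rows, baseline_windows=3, max_shift_bits=1.0):
    """Start times of windows whose entropy moved more than max_shift_bits
    away from the mean of the first `baseline_windows` (assumed attack-free)."""
    base = [h for _, _, h in rows[:baseline_windows]]
    mean = sum(base) / len(base)
    return [start for start, _, h in rows if abs(h - mean) > max_shift_bits]

def constructed_capture(seed=1):
    """Constructed data: 60 s of traffic, spoofed-source SYN flood from t=30 s."""
    rng = random.Random(seed)
    clients = [f"198.51.100.{i}" for i in range(1, 9)]   # 8 legitimate hosts
    packets = []
    for w in range(6):
        for i in range(100):                  # normal traffic in every window
            flags = "S" if i % 2 == 0 else "A"
            packets.append((w * 10 + i * 0.1, rng.choice(clients), flags))
        if w >= 3:
            for i in range(400):              # flood: random (spoofed) sources
                src = f"203.0.113.{rng.randint(1, 254)}"
                packets.append((w * 10 + i * 0.025, src, "S"))
    return packets

if __name__ == "__main__":
    rows = syn_entropy_per_window(constructed_capture())
    flagged = flag_windows(rows)
    for start, n, h in rows:
        print(f"t={start:5.1f}s syns={n:4d} H={h:5.2f} bits {'shifted' if start in flagged else ''}")
```

For a real capture, build the tuples with a pcap reader such as scapy or dpkt, then plot window start against entropy (for example with matplotlib) to see how it behaves over time. A flood from a single source lowers source-IP entropy instead of raising it, which is why the flagging uses the absolute shift from the baseline.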