**Improved Estimation of Collision Entropy in High and Low-Entropy Regimes and Applications to Anomaly Detection**

*Maciej Skorski*

**Abstract: **We revisit the problem of estimating Renyi Entropy from samples, focusing on the important case of collision entropy.

With $n$ samples we approximate the collision entropy of $X$ within an additive factor of $O\left( 2^{2\Delta}\log^{\frac{1}{2}}(1/\epsilon) \right)$ with probability $1-\epsilon$, where $\Delta$ is a known (a priori) upper bound on the difference between Renyi entropies of $X$ of order 2 and 3 respectively.

In particular, we simplify and improve the previous result on estimating collision entropy due to Acharya et al. (SODA'15) up to a factor exponential in the entropy gap.

We also discuss applications of our bound in anomaly analysis, namely (a) detection of attacks against stateless sources in TRNGs, and (b) detection of DDoS attacks at network firewalls.

**Category / Keywords: **foundations / Entropy Estimators, Collision Entropy, Anomaly Detection

**Date: **received 1 Nov 2016

**Contact author: **mskorski at ist ac at

**Available format(s): **PDF | BibTeX Citation

**Version: **20161102:132916 (All versions of this report)

**Short URL: **ia.cr/2016/1035

[ Cryptology ePrint archive ]