## Cryptology ePrint Archive: Report 2016/1035

Improved Estimation of Collision Entropy in High and Low-Entropy Regimes and Applications to Anomaly Detection

Maciej Skorski

Abstract: We revisit the problem of estimating Renyi Entropy from samples, focusing on the important case of collision entropy.

With $n$ samples we approximate the collision entropy of $X$ within an additive factor of $O\left( 2^{2\Delta}\log^{\frac{1}{2}}(1/\epsilon) \right)$ with probability $1-\epsilon$, where $\Delta$ is a known (a priori) upper bound on the difference between Renyi entropies of $X$ of order 2 and 3 respectively.

In particular, we simplify and improve the previous result on estimating collision entropy due to Acharya et al. (SODA'15) up to a factor exponential in the entropy gap.

We also discuss applications of our bound in anomaly analysis, namely (a) detection of attacks against stateless sources in TRNGs, and (b) detection of DDoS attacks at network firewalls.

Category / Keywords: foundations / Entropy Estimators, Collision Entropy, Anomaly Detection