Temporal Entropy IDS Development

Client: AI | Published: 06.02.2026

I am building an intrusion-detection system that relies on entropy-based calculations applied over time windows to flag anomalous behaviour in user activity data. The goal is to detect subtle, previously unseen patterns rather than match against known signatures, so the core of the work is an efficient entropy engine that continuously ingests, time-stamps, and scores each event stream for deviation.

My data source will be raw user-activity logs—login records, file interactions, command histories, and similar feeds collected from endpoints and servers. You may assume the logs arrive in near-real time (JSON or CSV) and contain at least a timestamp, user identifier, and event type.

The system should:
• Parse and normalise each record, maintaining a rolling history per user and for the population as a whole.
• Compute entropy (Shannon or Rényi—please justify your choice) across sliding and tumbling windows so we can compare immediate behaviour to longer-term baselines.
• Raise an alert when an entropy shift exceeds a configurable threshold, returning the supporting metrics and the related raw events.

I expect well-structured, runnable code—Python with pandas/NumPy/SciPy is typical, though another language is fine if it delivers the same reproducible results—along with a concise README that shows how to install dependencies, feed sample logs, and interpret the output.

Success is measured by:
• Clean execution on my sample dataset (≈1 GB of mixed user activity).
• Alerts that capture injected anomalies while keeping false positives under control.
• Clear explanation of the entropy logic, window sizes, and threshold calculation so I can tune them later.

If you have previous experience with time-series anomaly detection or entropy analytics, please mention it in your proposal and include a link to a comparable project or repository.
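A sketch of the per-user sliding-window check described in the brief, added here as an illustration and not code from the client or any delivered project. It assumes Shannon entropy, JSON lines with the hypothetical field names `ts`, `user` and `event`, in-order timestamps per user, and a baseline taken from the part of the long window that precedes the short one; the window sizes, threshold and sample log are constructed.

```python
import json, math
from collections import Counter, defaultdict, deque

def shannon_entropy(event_types):
    """Shannon entropy in bits of the empirical event-type distribution."""
    counts = Counter(event_types)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values()) if total else 0.0

class EntropyShiftDetector:
    def __init__(self, short_s=60, long_s=600, threshold=1.0, min_events=4):
        self.short_s, self.long_s = short_s, long_s
        self.threshold, self.min_events = threshold, min_events
        self.history = defaultdict(deque)  # user -> (ts, event, raw record)

    def ingest(self, line):
        """Score one JSON record; return an alert dict or None."""
        rec = json.loads(line)
        ts, hist = float(rec["ts"]), self.history[rec["user"]]
        hist.append((ts, rec["event"], rec))
        while hist[0][0] <= ts - self.long_s:      # expire events older than the baseline
            hist.popleft()
        recent = [h for h in hist if h[0] > ts - self.short_s]
        baseline = [h for h in hist if h[0] <= ts - self.short_s]
        if min(len(recent), len(baseline)) < self.min_events:
            return None                            # too little data for a stable estimate
        h_recent = shannon_entropy(e for _, e, _ in recent)
        h_base = shannon_entropy(e for _, e, _ in baseline)
        if abs(h_recent - h_base) <= self.threshold:
            return None
        return {"user": rec["user"], "ts": ts, "h_recent": h_recent, "h_baseline": h_base,
                "shift": h_recent - h_base, "events": [r for _, _, r in recent]}

def sample_log():
    """Constructed sample: two users with a steady read/write rhythm, then a burst for alice."""
    rows = [{"ts": t, "user": u, "event": ("file_read", "file_write")[(t // 10) % 2]}
            for t in range(0, 600, 10) for u in ("alice", "bob")]
    burst = ["login", "sudo", "file_delete", "archive_create",
             "usb_mount", "net_connect", "cron_edit", "passwd_change"]
    rows += [{"ts": 600 + 5 * i, "user": "alice", "event": e} for i, e in enumerate(burst)]
    return [json.dumps(r) for r in rows]

def run(lines, **kwargs):
    detector = EntropyShiftDetector(**kwargs)
    return [a for a in map(detector.ingest, lines) if a]

if __name__ == "__main__":
    for alert in run(sample_log()):
        print(alert["user"], alert["ts"], round(alert["shift"], 3), len(alert["events"]))
```

Each alert carries both entropy values, the signed shift and the raw records from the short window, so the threshold can be tuned against what actually triggered it.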