Current network traffic anomaly detection has open problems: because network traffic is often driven by multiple controlling factors, the behavior of network traffic anomalies shows nonlinearity, non-stationarity and complexity. Because the internal evolution equation leads to a catastrophe in the dynamical structure, the phase space reconstruction method and the statistical physics method can be used to compute the macro feature values of the network traffic. Feature values that clearly reflect unusual changes in network traffic volume are chosen as control variables, and a network traffic anomaly detection method based on the catastrophe series theory model is developed. Many experimental results show that the proposed network traffic anomaly detection method has a low false alarm rate at the same detection rate.
Funding: Supported by the National Natural Science Foundation of China under Grant No. 60773192.