基于流时间影响域的网络流量异常检测

针对如何提高网络流量异常行为检测准确率的问题，提出基于网络流时间影响域(TID)的网络流量检测模型.通过分析正常和异常情况下流量网络模型平均度的变化，构建了基于复杂网络平均度指标的网络流量异常检测算法.实验结果表明，基于网络流时间影响域的流量网络模型能合理地描述网络流量间的依赖关系，具有良好的检测性能，同时该网络模型仅需时间戳、源IP、目的IP三维网络特征即可实现，检测方法适用于绝大多数网络类型，检测效率优于其他网络流量异常检测方法，具有较高的普适性.

Anomaly Detection of Network Traffic Based on Flow Time Influence Domain

Aiming at improving the accuracy rate of anomaly network traffic detection， a network traffic detection model was proposed based on the time influence domain(TID)of network flow. By analyzing the changes of average degree of traffic network model under the normal and abnormal conditions， an anomaly detection algorithm of network traffic based on the average degree metric of complex network was developed to detect the abnormal traffic. Experimental results show that based on the flow time influence domain， the anomaly detection model of traffic network can reasonably describe the inter-dependency relationship between network traffic. The proposed method has a better detection performance， meanwhile only three network features， i.e. timestamp， source IP and destination IP， are needed to implement the above model. Detection efficiency is better than other methods. The method proposed meets most network types and has a better ubiquity.