基于分形理论的网络流量异常检测技术

传统网络流量异常检测技术不能适应网络流量的复杂性,异常检测精度低,不能保证实时性,为此,提出一种新的基于分形理论的网络流量异常检测技术。通过FIR滤波方法对流量的时间序列进行预处理。采用Schwarz信息准则对网络流量异常检测问题进行处理,估测网络流量异常点数量与位置。采用R/S分析法求出自相似指数Hurst值,依据Hurst值对网络流量时间序列的分形特征进行分析。引入滑动窗口完成多网络流量异常点的检测,在检测异常点处对流量进行分形处理,依据自相似指数计算过程获取异常点间的流量自相似指数值,保存异常点之后的流量,为下一个流量异常点的检测提供依据。实验结果表明,所提技术实现过程简单,网络流量异常检测精度高,保证了实时性。

Network traffic anomaly detection technology based on Fractal Theory

The traditional network traffic anomaly detection technology can not adapt to the complexity of the network traffic anomaly detection accuracy is low, can not guarantee real-time, therefore, put forward a new kind of network traffic anomaly detection technology based on fractal theory. FIR filtering method is used to preprocess the time series of traffic flow. Schwarz information criterion is used to deal with the network traffic anomaly detection problem, and the number and location of network traffic anomaly points are estimated. The Hurst value of self similarity index was calculated by R/S analysis method, and the fractal characteristics of network flow time series were analyzed based on Hurst value. The introduction of sliding window detection of multi network traffic anomaly detection of abnormal point, in point of traffic based on Fractal processing, self similarity index calculation process to obtain the abnormal point between traffic self similarity index, then save abnormal traffic, provide the basis for the detection of a traffic anomaly point. The experimental results show that the proposed method is simple, and the network traffic anomaly detection accuracy is high, and the real-time performance is guaranteed.