
Research On The Anomaly Detection Methods Of The Network Traffic Based On Catastrophe Theory And Synergetic

Posted on: 2012-03-02
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W Xiong
GTID: 1118330368983986
Subject: Control Science and Engineering

Abstract/Summary:
With the development of computer network communication technology, user groups are getting larger and network size is growing. There are more and more types of business network services, which makes network structures more complex. The Internet and computer networks are exposed to increasing security threats. In a network environment with rapidly growing security threats and a variety of network attacks driven by interests, the demand for better quality of service has become an inevitable trend, and developing an effective real-time network anomaly detection method has become a serious and urgent challenge.

The network is a complex and open system. The generation of network traffic is a complex process driven by many factors, such as network devices, topology, transfer protocols, and the interactive cooperation and competition between network users. Many studies have found that network traffic often shows characteristics such as nonlinearity, non-stationarity, seemingly random chaos, long-range dependency and complex dynamic structural catastrophe. Based on these characteristics, nonlinear dynamics, catastrophe theory and synergetics are researched as means to detect network traffic anomalies.

Network traffic is often driven by many factors, which are represented by feature parameters. By analyzing many feature parameters (such as the chaos Lyapunov index, dynamic self-correlation index, Hurst index, high-order moments and lower-order moments), which can present the characteristics of the network, we extract the primary feature parameters that are best suited to detecting network traffic anomalies.

Based on the non-stationary, nonlinear and complex catastrophe characteristics of network traffic, we propose a new anomaly detection method for network traffic based on catastrophe progression theory. Using chaos theory, self-similarity, long-range dependence and statistical physics theory, we first compute the feature parameters of the network traffic and choose some feature parameters that reflect significant changes in the network traffic to construct the catastrophe model. The normalized formulas can be inferred from the catastrophe bifurcation set. We then use the catastrophe progression theory corresponding to the butterfly catastrophe model to detect anomalies in the network traffic. The experimental results show that the proposed method has a low false alarm ratio and a much higher detection accuracy than detection using a single feature.

When network anomalies occur, the network traffic changes from one equilibrium state to another. This change includes a transient process, which is a non-stationary catastrophe process. Based on this process, a network traffic anomaly detection method based on the catastrophe equilibrium surface is proposed. Specifically, a catastrophe potential function is introduced to describe the catastrophe characteristics of the network traffic, and an equilibrium surface given by the catastrophe manifold is used to represent the equilibrium state of the normal behavior of the network. When the behavior of the network becomes abnormal, the state of the network deviates from the equilibrium surface and may even transform to another equilibrium state. Thus, the abnormal state of the network traffic can be detected by the degree of the deviation, which is quantified by the catastrophe distance. To evaluate the performance of our approach, we apply it to the DARPA dataset. The results show that our approach based on catastrophe theory is relatively effective at detecting network traffic anomalies.

Although many factors have an impact, usually only a few are predominant in determining the trend of the network traffic when network traffic anomalies occur. We propose a network traffic anomaly detection method based on synergetics. In our method, a synergetic dynamic equation based on the order parameters is used to describe the complex behavior of the network traffic system, and a synergetic potential function is used to represent the non-stationary change process. The order parameters are the primary factors that dominate the change process. As the synergetic dynamic equation evolves, only the converged order parameters remain. Network traffic anomalies can then be detected from the converged order parameters.
Keywords/Search Tags: Anomaly detection, network traffic, phase space reconstruction, catastrophe theory, synergetic, order parameter