| With the rapid development and wide spread application of the Internet, the demand for network resources is growing rapidly. Meanwhile, there are a large number of attacks on the network, which seriously affect the performance of the network. The direct manifestation of network attacks is network traffic anomalies, which should be detected quickly and effectively. In this paper we proposed a new algorithm, which called Sliding Window Wavelet Binary Tree(SWBT), and it can detect and analyze the network anomalies. Using SWBT and ARX model, we can model and forecast network traffic. Then clustering and outlier detection will be realized by Clustering Expectation Maximization Algorithm.Firstly we introduce the characteristics and algorithm of SWBT. It can deal with the redundancy which generated by sliding window. This algorithm achieve such result that when updating a data on original signal window, it simultaneously updates the wavelet coefficients of the wavelet decomposition level. So it's a real-time algorithm. Then we modeling the wavelet coefficients of each level by ARX model. After modeling we obtain the outlier series and analyze its adaptive prediction in time series. Finally, we analyze the principle of Gaussian mixture model and clustering EM algorithm, which should be applying in clustering analysis and anomaly detection of the ARX model outlier series. By the collaborative analysis of several mathematical models, we successfully realized the anomaly detection of network traffic, and also made some achievements in real-time testing. We then evaluate our approach with the KDDCup99 dataset and conduct a network traffic experiment. Evaluation results show that the approach achieves a higher degree in anomaly detection. |
PDF Full Text Request