
The Study Of Fast Network Traffic Anomaly Detection Based On Iteration

Posted on: 2012-08-18
Degree: Master
Type: Thesis
Country: China
Candidate: X F Wang
GTID: 2178330332987752
Subject: Cryptography

Abstract/Summary:
At present, the Internet boom and the rapid spread of information have made the network an essential part of people's life and work. However, the various anomalies that come with it, associated with attacks and viruses, have also had a tremendous impact on people's Internet life. As a subject closely related to people's work and life, network security has become more and more important. Network traffic anomaly detection is an important aspect of network security; a traffic anomaly refers to network traffic behavior deviating from its normal state. As the Internet environment becomes more and more complex and the network scale keeps expanding, unexpected anomalies occur constantly, bringing great loss to Internet services. This leads people to put forward higher requirements for the speed and real-time performance of network traffic anomaly detection. How to perceive traffic anomalies quickly is a new demand in network anomaly detection.

Conventional network traffic anomaly detection methods are mostly based on feature matching, and such methods require a pre-established feature library, which must be trained and learned. These methods can be broadly divided into the off-line mode and the on-line mode. In the off-line mode, both the data collection and the feature library generation are completed before testing. This method is clearly weak in flexibility: changes in network conditions, or even in the system, cause all states to be reset. The on-line mode overcomes these disadvantages of the off-line mode: the feature library can be updated continually through on-line learning, which improves flexibility and accuracy. What we mainly want to point out is that both modes require prior knowledge of the network distribution and the establishment of a feature library first, so their self-adaptability and their ability to cope with unexpected situations are somewhat poor. Moreover, such a feature library is established subjectively, so it cannot reflect the characteristics of the network itself. Therefore, it is still difficult to ensure accuracy. The focus of all the approaches above is the accuracy of anomaly detection. However, with the development of Internet technology, the Internet environment has become more complex than ever before, and various sudden anomalies and attacks often catch detection systems unprepared. The speed and real-time performance of anomaly detection become more and more important, so we need a more rapid and accurate detection method to deal with newly emerging problems.

Because of the shortcomings of conventional detection methods in terms of speed, this paper proposes a fast anomaly detection scheme based on research into the "self-similar" feature. Traffic anomalies are determined through iterative estimation of the Hurst parameter. First, we studied the iterative algorithm and proposed an improved method for the accuracy of the algorithm; we then validated its advantage in accuracy using fractal Gaussian noise and analyzed its effectiveness. Some improvements to its applicability in network traffic anomaly detection have also been made. Finally, we ran simulations in MATLAB. Using real network traffic data, we studied two cases, normal traffic and abnormal traffic. The results show that our scheme has a clear advantage in detection speed and accuracy compared with other schemes based on self-similarity, so it can serve as a new approach to fast network anomaly detection.

Keywords/Search Tags: anomaly detection, network traffic, fast, self-similar, Hurst parameter