
Research On Distributed Detection Method Of Anomaly Traffics Based On Entropy

Posted on: 2012-10-09
Degree: Master
Type: Thesis
Country: China
Candidate: F Y Zhuang
GTID: 2178330335955409
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of Internet technology and the expansion of network size, the openness, sharing and mutuality of the Internet provide us, to a great extent, with convenience. At the same time, we must confront all sorts of network security problems. Anomaly detection, as part of the network security protection system, has gradually become a research focus in the network security area. Network anomaly traffic analysis is a key part of anomaly detection, and detecting anomalies accurately and in a timely manner is of vital significance for improving network availability and reliability.

First, the paper analyses and studies the existing network anomaly traffic detection methods; each method has its own characteristics and applicability. Network traffic data is large, high-dimensional and fast-moving, and abnormal attacks have varied characteristics, while the ability of the existing statistical analysis based on time series and wavelet analysis based on signal processing to handle this kind of data is limited. A simple and effective anomaly analysis method is therefore needed to detect abnormalities quickly and accurately.

This paper proposes a distributed detection method for anomalous traffic based on entropy. It takes OD flows at the link level as the test object and introduces entropy theory, extracting flow data according to flow feature attributes so that the entropy reflects the changes in the flow characteristic values. The paper then preprocesses the traffic data using principal component analysis combined with the subspace method, which at the same time separates out the abnormal points. Finally, the K-means dynamic clustering method classifies the network anomaly traffic according to an analysis of the characteristics of network attacks. In this way the method achieves distributed detection of network traffic anomalies.

The results, obtained from many simulated attacks and from a comparison with a centralized anomaly detection method, show that the entropy-based distributed detection method can effectively discover abnormal traffic and distinguish well between different kinds of abnormal flow. The method is simple to operate, has a short processing time, and has a lower false negative rate and false alarm rate. To some extent, the method proposed in this paper improves the ability to detect and classify network anomaly traffic and provides a valuable reference for designing actual distributed anomaly detection systems.
Keywords/Search Tags: Entropy, Abnormal Traffic, Subspace Method, K-means, Distributed
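
The entropy and subspace steps described in the abstract, as an added example that is not code from the thesis: each time bin of flow records is reduced to per-feature entropies, a normal axis is fitted by PCA, and bins with a large residual are flagged. Assumptions: the feature set (source and destination IP), fitting on a baseline window taken to be clean, the threshold rule, all function names, and the constructed sample flows; the K-means classification step is not shown.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy (bits) of the empirical distribution of one flow feature."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def entropy_vector(flows, features=("src_ip", "dst_ip")):
    """One time bin of flows -> one entropy per feature (feature set is an assumption)."""
    return [entropy([f[name] for f in flows]) for name in features]

def fit_normal_subspace(rows, iters=100):
    """Mean and first principal axis of baseline entropy vectors (power iteration)."""
    k = len(rows[0])
    mean = [sum(r[j] for r in rows) / len(rows) for j in range(k)]
    dev = [[r[j] - mean[j] for j in range(k)] for r in rows]
    cov = [[sum(d[a] * d[b] for d in dev) for b in range(k)] for a in range(k)]
    v = [1.0] * k
    for _ in range(iters):
        w = [sum(cov[a][b] * v[b] for b in range(k)) for a in range(k)]
        norm = math.sqrt(sum(x * x for x in w))
        v = [x / norm for x in w]
    return mean, v

def spe(row, mean, axis):
    """Squared prediction error: energy left after projecting onto the normal axis."""
    d = [x - m for x, m in zip(row, mean)]
    t = sum(a * b for a, b in zip(d, axis))
    return sum((a - t * b) ** 2 for a, b in zip(d, axis))

def make_bin(n_src, n_dst, n_flows):
    """Constructed flow records spread evenly over n_src sources and n_dst destinations."""
    return [{"src_ip": f"10.0.0.{i % n_src}", "dst_ip": f"192.0.2.{i % n_dst}"}
            for i in range(n_flows)]

# Constructed sample data, not measurements from the thesis.
BASELINE = [make_bin(n, m, n) for n, m in [(8, 4), (16, 8), (32, 16), (16, 4), (32, 8), (8, 8)]]
TEST = [make_bin(16, 8, 16), make_bin(32, 1, 32), make_bin(8, 4, 8)]  # TEST[1]: many sources, one destination

def detect(baseline, test, factor=3.0):
    """Indices of test bins whose SPE exceeds factor * max baseline SPE (assumed rule)."""
    rows = [entropy_vector(b) for b in baseline]
    mean, axis = fit_normal_subspace(rows)
    limit = factor * max(spe(r, mean, axis) for r in rows)
    return [i for i, b in enumerate(test) if spe(entropy_vector(b), mean, axis) > limit]

if __name__ == "__main__":
    print(detect(BASELINE, TEST))
```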