| Along with the coming of the information ages, the network began to develop rapidly. Various new services have been increasing so continuously that the network detection is facing serious challenges. The process of network detection is to collect the data which indicate the running status of the network and devices, to find out the anomaly phenomena of the network via the statistic and analysis of the data, and to give relevant alarms to network managers. Network anomaly detection, one of the most important segments of the network detection, is of great important to guarantee the natural running of the network.This thesis analyses the current techniques of network anomaly detection, divides them into static detection technique and dynamic detection technique according to their characteristics. After the investigation of the theory and the complexity of calculation and realization, the thesis sums up the suitable circumstances, the merits and the flaws of the technique. At the same time, it analyses the current traffic models, and divides them into long-range dependence traffic model and short-range dependence traffic model according to their dependent characteristics, and describes their suitable circumstances and complexity to realize.Based on the study of the network anomaly detection and traffic model technology, aimed with the special LAN in campus, the thesis presents an adaptive threshold value method to realize the network anomaly detection by collecting traffic data according to the way of student's life and study. The process is to use the traffic data to set up a seasonal ARIMA model- ARIMA(1,1,1)(1,1,1)24, evaluate its parameters, and diagnose its residual series and fit. And then, it calculates the threshold value by historic traffic data and the prediction of the traffic model. Finally, it detects the network anomaly by comparing the actual of network traffic and the threshold. |
PDF Full Text Request