
The Research Of Real-Time Detection Of Network Anomalies Based On Traffic Analysis

Posted on: 2007-08-22
Degree: Master
Type: Thesis
Country: China
Candidate: L Guo
Full Text: PDF
GTID: 2178360185966062
Subject: Computer software and theory
Abstract/Summary:
With the rapid development of networks, their scale and complexity are increasing, and they are far more heterogeneous than before. At the same time, users place higher demands on network services, which makes network management more difficult. Consequently, detecting anomalies accurately in real-time network management is difficult and has become an important research problem. Anomaly detection on network traffic is the key point of anomaly management for networks. Traffic anomalies can significantly disrupt and degrade network service. Therefore, monitoring and managing network traffic in real time and finding anomalies in it is significant for improving both the robustness and the availability of the network.

First, this paper surveys anomaly detection and its technologies. Common anomaly detection algorithms are then analyzed and evaluated.

For real-time detection of network anomalies, an algorithm based on a steady model is proposed. Both weighted mean and variance statistics are used to build and update the steady model, and the ROC curve method is used to assess performance. The new algorithm has comparatively low complexity, occupies few system resources, and provides a real-time automatic alarm function. Simulation shows that the study is a valuable reference for further exploration of real-time traffic anomaly detection.

For non-stationary traffic, a general method is proposed based on separating the non-stationary traffic into disjoint components corresponding to normal and anomalous network conditions. This separation can be performed effectively by both marginal distribution and residuals analysis of parameters for the anomalous component. Experimental results show that the method can deal with non-stationary traffic data, so anomaly detection on real network traffic is implemented.

Finally, a framework for anomaly detection in large-scale networks is proposed. As an example, IP forwarding anomaly detection is analyzed. A simple, robust method is proposed that relies on high-resolution measurements and on-line analysis of network traffic to provide real-time alarms in the incipient phase of network anomalies. The anomaly identification algorithms are based on a behavior model using path changes, flow shift and packet delay variance.
Keywords/Search Tags:Traffic anomalies, Anomaly detection technologies, Steady model, Time-series decomposition, Behavior model
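
The steady-model idea in the abstract (a baseline built and updated from a weighted mean and variance, with an automatic alarm) can be sketched as follows. This is an added example, not the thesis's algorithm: the exponential weighting, the parameters `alpha`, `k`, `warmup` and `min_std`, all names, and the sample counts are assumptions made for illustration.

```python
import math

class SteadyModel:
    """Baseline of normal traffic kept as a weighted mean and variance."""

    def __init__(self, alpha=0.1, k=3.0, warmup=5, min_std=2.0):
        self.alpha = alpha      # weight of the newest sample (assumed value)
        self.k = k              # alarm threshold in standard deviations (assumed)
        self.warmup = warmup    # samples absorbed before alarms may fire
        self.min_std = min_std  # floor so a flat baseline tolerates small jitter
        self.mean = None
        self.var = 0.0
        self.seen = 0

    def observe(self, x):
        """Return True if x deviates from the steady model, else update it."""
        if self.mean is None:
            self.mean, self.seen = float(x), 1
            return False
        dev = x - self.mean
        std = max(math.sqrt(self.var), self.min_std)
        if self.seen >= self.warmup and abs(dev) > self.k * std:
            return True  # anomalous sample is kept out of the baseline
        # Exponentially weighted update: variance first, then mean.
        self.var = (1 - self.alpha) * (self.var + self.alpha * dev * dev)
        self.mean += self.alpha * dev
        self.seen += 1
        return False

def detect(samples, **params):
    """Return the indices of the samples that raised an alarm."""
    model = SteadyModel(**params)
    return [i for i, x in enumerate(samples) if model.observe(x)]

# Constructed per-interval packet counts: steady load, burst at intervals 12-14.
SAMPLE = [100, 104, 98, 101, 97, 103, 99, 102, 100, 96, 105, 101,
          480, 510, 495, 99, 103, 98]

if __name__ == "__main__":
    print("alarm at intervals:", detect(SAMPLE))
```

Because alarmed samples never update the baseline, a permanent level shift keeps alarming until the model is reset; the thresholds `alpha` and `k` are the values one would sweep to draw the ROC curve the abstract mentions.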