
Large-Scale Network Traffic Anomaly Analysis

Posted on: 2007-01-10
Degree: Master
Type: Thesis
Country: China
Candidate: H L Wang
Full Text: PDF
GTID: 2178360215470377
Subject: Computer Science and Technology

Abstract/Summary:
With the expansion of network size and the increase in services provided, the rapid development of the Internet brings us a lot of convenience. However, it also brings threats from various kinds of security incidents, which pose greater challenges for network monitoring. Network traffic anomaly analysis is a key part of network monitoring; whether network anomalies are detected accurately is very important for improving network availability and reliability.

Large-scale network traffic data is high-dimensional, fast, and large in volume, while the applicability of today's statistical analysis based on time series and wavelet analysis based on signal processing is limited. A simple and effective anomaly analysis method is therefore greatly needed. This thesis presents some new methods for large-scale network traffic anomaly analysis, which not only improve the capability for anomaly detection and anomaly classification, but also realize the network monitoring function.

First, we study the previously presented subspace method and, in an experimental environment, implement the process of detecting large-scale network traffic anomalies with it. Comparative analysis of the results shows that traffic anomaly detection based on the subspace method has a higher detection precision. Then, to improve the entropy-based methods for large-scale network traffic anomaly detection and anomaly classification, we present a new method of distributed anomaly detection. The experiment proves that this method is simple to operate and greatly reduces detection time, which can satisfy the requirements of online detection. Finally, we present a framework model for a large-scale network traffic anomaly detection system, made up of a traffic data collection and preprocessing model, an anomaly analysis model, and a synthesis analysis and visualization model. Several practical trials show that the model is effective and practical.
Keywords/Search Tags: large-scale network traffic, anomaly detection, anomaly classification, subspace method, entropy