Detecting And Analysing Traffic Anomalies At Application Layer In Metro Area Network

Posted on: 2011-02-13
Degree: Master
Type: Thesis
Country: China
Candidate: W Pei
GTID: 2178360308968967
Subject: Computer application technology

Abstract/Summary:
Anomaly detection and analysis based on network traffic are important in network and security management. In recent years, anomaly detection and analysis methods have fallen into three groups: those based on features/behavior, those based on traffic mining, and those based on statistics. PCA is one of the main statistical methods, but the traditional PCA method does not consider how to reduce the false alarm rate of detection, and its anomaly analysis is complex and costly. In this paper, working from the application layer protocol point of view, wavelet analysis is applied to remove noise from the raw data, the PCA method is used to model the traffic, and the SPE statistic and Hotelling T² statistic are then used to detect and analyse anomalies. Finally, the detection results are divided into four different types by the two statistics. The main contributions of this paper are as follows:

(1) The traditional PCA method is improved. In the wavelet-denoised Principal Component Analysis, wavelet analysis is applied to remove noise from the raw data, and the PCA method is then used to model the traffic. Experiments show that traffic anomalies can be effectively monitored with the SPE statistic control chart, and that wavelet denoising reduces the false alarm rate of anomaly detection by 55.6%.

(2) A traffic data matrix is constructed from application layer metrics, and the main causes of the anomalies can be found with the contribution plot of the SPE statistic. Experiments show that this method can trace the cause of an anomaly to the application protocol and the application.

(3) MAN (Metro Area Network) traffic flows are asymmetric, and packets of different application protocols have different sizes. The traffic data matrix is rebuilt using these features, and this new method can identify the source of an anomaly and the anomalous packet size.

(4) The Hotelling T² statistic is used for anomaly detection, and the detection results are divided into four different types by the SPE statistic and the Hotelling T² statistic, so that anomalies can be accurately distinguished.

Keywords/Search Tags: Network Monitoring, Anomaly detection, Anomaly analysis, Principal Component Analysis (PCA), Wavelet analysis
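
The detection and classification step described in the abstract, as an added example that is not code from the thesis: a PCA model is fitted on normal traffic, SPE and Hotelling T² flag each time bin, and the largest SPE contribution names the protocol responsible. The traffic matrix, the protocol columns, the empirical 99% control limits and the four label names are assumptions constructed for illustration, and the wavelet denoising step is omitted.

```python
import numpy as np

PROTOCOLS = ["http", "dns", "smtp", "p2p", "ftp"]  # constructed column labels

def score(model, X):
    """Return SPE, Hotelling T2 and per-protocol SPE contributions per row."""
    Z = (X - model["mu"]) / model["sd"]
    T = Z @ model["P"]                      # scores in the principal subspace
    contrib = (Z - T @ model["P"].T) ** 2   # squared residual per protocol
    return contrib.sum(axis=1), (T ** 2 / model["lam"]).sum(axis=1), contrib

def fit(X, k, q=0.99):
    """PCA model of normal traffic (rows = time bins, columns = protocols)."""
    mu, sd = X.mean(axis=0), X.std(axis=0)
    lam, vec = np.linalg.eigh(np.cov((X - mu) / sd, rowvar=False))
    top = np.argsort(lam)[::-1][:k]         # keep the k largest components
    model = {"mu": mu, "sd": sd, "P": vec[:, top], "lam": lam[top]}
    spe, t2, _ = score(model, X)
    # Assumption: control limits are empirical quantiles of the training data.
    model["spe_lim"], model["t2_lim"] = np.quantile(spe, q), np.quantile(t2, q)
    return model

def classify(model, X):
    """Label each row by which statistic is out of control, plus top contributor."""
    names = {(False, False): "normal", (True, False): "spe_only",
             (False, True): "t2_only", (True, True): "spe_and_t2"}
    spe, t2, contrib = score(model, X)
    return [(names[(bool(s > model["spe_lim"]), bool(t > model["t2_lim"]))],
             PROTOCOLS[int(c.argmax())]) for s, t, c in zip(spe, t2, contrib)]

def demo():
    """Constructed data: one shared load factor drives all five protocols."""
    rng = np.random.default_rng(0)
    base = np.array([500.0, 80.0, 60.0, 300.0, 40.0])
    load = rng.normal(size=(500, 1))
    train = base + 10 * load + rng.normal(size=(500, 5))
    probes = np.array([base + 5,                       # ordinary bin
                       base + 5 + [0, 15, 0, 0, 0],    # DNS alone deviates
                       base + 50,                      # all protocols surge together
                       base + 50 + [0, 15, 0, 0, 0]])  # surge plus DNS deviation
    return classify(fit(train, k=1), probes)

if __name__ == "__main__":
    for label, protocol in demo():
        print(label, protocol)
```

The top-contributor column is only meaningful for rows where SPE is out of control; for the other rows it names whichever protocol has the largest (still small) residual.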