Wavelet Analysis Of Network Traffic Anomaly Detection Method

ABSTRACT Network traffic anomaly refers to the status that traffic behaviors depart from the normal behaviors. Many reasons, such as the misuse of network equipments, network operations anomaly, flash crowd, network intrusion and so on will cause network anomaly. The characteristic of anomaly traffics is that it breaks out without any omen and can destroy networks and computers in a short time (For instance, the outburst of traffic behavior caused by specific attack programs or worm burst). Therefore, to detect anomaly rapidly and accurately is one of the precondition of ensuring the efficient network operation and detection of anomalous traffic has become the attractive and valuable subject in the present academic and industrial circles. This paper intends to research the wavelet packet analysis method which can detect the anomaly accurately and reliably, and achieve the real-time performance; aim at the problem of traffic anomaly detection, research the fast wavelet (packet) transform algorithm based on sliding window; as the traffic anomaly make a difference to the network traffic IDC characteristic, research and implement the detection based on traffic IDC characteristic.(1) At first, this paper summarizes the network traffic anomaly detection methods. Analyzing the research actuality both here and abroad, we categorize the network traffic anomaly detection methods, point out the deficiency of the present researches, aim at the problems, proposed some new research clews and possible technology lines.(2) This paper presents some basic theory about wavelet analysis, and proposes a fast wavelet (packet) algorithm based on sliding window. By storing the part of wavelet packet coefficients in memory in advance, we avoid repeating calculation and gain a fast wavelet algorithm at the cost of increasing some storage space. The experiments proved that the fast algorithm can sufficiently support our network traffic anomaly detection mechanism.(3) Aiming at the deficiency of present methods of network traffic anomaly, this paper proposes a new scale-adaptive detection mechanism. By means of wavelet packet decomposition, our method has the same detective ability to middle and high frequency as well as low frequency anomaly; by means of reconstruct the wavelet packet...